agenttesla | 805c1ba1a839e79293bd7e044ec0845b5e90cddf65d458649854c4954a976225 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ.exe

windows7_x64

RFQ.exe

windows10-2004_x64

Sharing

General

Target

805c1ba1a839e79293bd7e044ec0845b5e90cddf65d458649854c4954a976225
Size

367KB
Sample

220520-2xstpagbf4
MD5

c58f171be6e269aa16b82b82add8b16c
SHA1

8fa32edaca3d42b2b9a2543886a6d1462f57ca18
SHA256

805c1ba1a839e79293bd7e044ec0845b5e90cddf65d458649854c4954a976225
SHA512

4c27d9409d626aacd3a91e4552f46426604cdf51a292b4b502e29cc7b9ea7c04823ffba24bf0fc9824c709878eff92d90e0ee3095d0e0202431516e0792b4f92

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ.exe

Resource

win10v2004-20220414-en

agenttesla keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
@jaffinmarknma@344

Targets

- Target
  
  RFQ.exe
- Size
  
  409KB
- MD5
  
  d29fd374ffb5bd95937ed1084caefa8c
- SHA1
  
  4320812a3197c17ad10d6c36608c740e9b89f2bd
- SHA256
  
  f6c8c308519b9019ae0cce0d21759aea395e35f746b0a3853218ab321e8c8349
- SHA512
  
  d5fb85fe82e71272a98b1ef88eac93480f4716e51fa173e3c3c8f858c1616edd53878b5582e80d67ef111cce3f50e25d39489c783c52370f38d169f345fd35b2
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy