agenttesla | 674ff8b627f6d0e5c294518e5272a82230099a74dd87466941233f5091f05666 | Triage

Submit
Reports

Overview

overview

Static

static

YOKOHAMA T...DF.exe

windows7_x64

YOKOHAMA T...DF.exe

windows10-2004_x64

Sharing

General

Target

674ff8b627f6d0e5c294518e5272a82230099a74dd87466941233f5091f05666
Size

391KB
Sample

220520-2ykjpsgca2
MD5

d7473bd45be889d5eddcdd994ac84216
SHA1

eb69cfff1b8d678be89cd26dcf364abd294fe0f0
SHA256

674ff8b627f6d0e5c294518e5272a82230099a74dd87466941233f5091f05666
SHA512

d9b33ad31e4f286a94b9c75628b07e2a606007794f27735b45699c8abdfa07f47aff3a57f35de3293a670b85935f74834cedae543a9edda0e0bf526210439045

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

YOKOHAMA TYRE VIETNAM INC RFQ_PDF.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

YOKOHAMA TYRE VIETNAM INC RFQ_PDF.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.greebals.gr
Port:
587
Username:
[email protected]
Password:
g#BE=fpMXx@B

Extracted

Credentials

Protocol: smtp
Host:
mail.greebals.gr
Port:
587
Username:
[email protected]
Password:
g#BE=fpMXx@B

Targets

- Target
  
  YOKOHAMA TYRE VIETNAM INC RFQ_PDF.exe
- Size
  
  438KB
- MD5
  
  1fb477f037a5781626e07de476928154
- SHA1
  
  d73e53aba93e68cd66c9f68bdce0d1a61d8e7cfe
- SHA256
  
  cdbac6d4c4c6c722cf135d95f1c0e3d818dc660039ff4ad802c8ce4cc0f7145b
- SHA512
  
  60d41f5b320d3f29f89b163ebb70e4b06301d0ea6906acafb99e413258fe4d0976580f3f393f10f15590ba30b47edcf6c963163c62e91a02d300a73c6036517c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy