agenttesla | 419d3b189d0b98fddf2de529d70852190b1460e2be7eeb128748181411c701ea | Triage

Submit
Reports

Overview

overview

Static

static

Quotation ...ng.exe

windows7_x64

Quotation ...ng.exe

windows10-2004_x64

Sharing

General

Target

419d3b189d0b98fddf2de529d70852190b1460e2be7eeb128748181411c701ea
Size

424KB
Sample

220520-2zbyysbcap
MD5

a1efa70140c912357f249c12d6c9af4b
SHA1

7cf9e0acd0612f61d9b317284026b30333a475b6
SHA256

419d3b189d0b98fddf2de529d70852190b1460e2be7eeb128748181411c701ea
SHA512

cdfe115a99e251266e40401f25dcd236312b402f2886f070b41e7db669dc5acc5a00238ffcf06670fdee27b402d5819f7372c30095b68405c1deefe8606d7e6b

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation Bailey Trading.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation Bailey Trading.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pierreinsurancebrokers.com
Port:
587
Username:
[email protected]
Password:
advisor@1234

Extracted

Credentials

Protocol: smtp
Host:
mail.pierreinsurancebrokers.com
Port:
587
Username:
[email protected]
Password:
advisor@1234

Targets

- Target
  
  Quotation Bailey Trading.exe
- Size
  
  490KB
- MD5
  
  45ed49bc00c8352417d38b274a09e3a0
- SHA1
  
  2b5b5dec00fa95cc35ce534eb9375afd26a0c1ad
- SHA256
  
  07c711fae257407249a60f7f55cdf1125d76431ce6bbc6e25313c06af4a9f101
- SHA512
  
  5de0c47912de38f415bdc533b569db98f5bfb3e885cad384010ba5b4805262ceaa255e6045b052c816822acf19cb47b386d4ee08be858a8a2442f3f3f5ea7142
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy