agenttesla | 384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352 | Triage

Submit
Reports

Overview

overview

Static

static

Urgent Inq...Q).exe

windows7_x64

Urgent Inq...Q).exe

windows10-2004_x64

Sharing

General

Target

384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352
Size

536KB
Sample

220520-2zkk4agcd7
MD5

7b22501d55fa735ea4968daa6b9438cc
SHA1

f94083e952bfd2b748174fe5eee955d00ef08cd9
SHA256

384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352
SHA512

901baa432df7f70b13701018e98a327f9048c52e119e4a8d70bce7570b54abdb232cfa153ba7b7ab1d96c33fbc69edf346f4e9170a0a9cb624ceaff29f6fa78e

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Urgent Inquiry (HEC RFQ).exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Urgent Inquiry (HEC RFQ).exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
71c7eb1f8ba

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
71c7eb1f8ba

Targets

- Target
  
  Urgent Inquiry (HEC RFQ).exe
- Size
  
  656KB
- MD5
  
  4dcf2260b10788856a41785081a38cb0
- SHA1
  
  00baebd101ee9d01d934f9b1fb524a08289dfaac
- SHA256
  
  651b7d097b570f7c0f182fb52c3d703fbaf3b80e189d8dea1d84e5971a5ea982
- SHA512
  
  53186153f42319254031e51f3d98f2a002233c8989cfa5575fadd3236ce5f740b1219598d0aa02acda05254c7a46df541c1ee55ec99d098adb7485c5b691b341
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy