agenttesla | a86b3e0f1e9a2b6041c70b059ebc2ca72b2dbe107ebca835225da4bc430e3f8a | Triage

Submit
Reports

Overview

overview

Static

static

AWB & Invo...nt.exe

windows7_x64

AWB & Invo...nt.exe

windows10-2004_x64

Sharing

General

Target

a86b3e0f1e9a2b6041c70b059ebc2ca72b2dbe107ebca835225da4bc430e3f8a
Size

603KB
Sample

220520-315hbshhc6
MD5

12ff7e8c828687a0491712960208fb75
SHA1

050447aac5b0bd17555eae969114f6c81dca95c2
SHA256

a86b3e0f1e9a2b6041c70b059ebc2ca72b2dbe107ebca835225da4bc430e3f8a
SHA512

3100ed5d9732fda2634408cb0dc4ca2d531c9572b248638206e6c00ab337d5926173a051fe7a3411f0f7ae0eb97abf7cf407f58fb075496639b6abee30782498

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

AWB & Invoice -TNT Shipment.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AWB & Invoice -TNT Shipment.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
^#@&^54433333

Targets

- Target
  
  AWB & Invoice -TNT Shipment.exe
- Size
  
  772KB
- MD5
  
  e4a5d743052e9e0c567269b98edda3b9
- SHA1
  
  cebdbcdcac76701fa99761930e8c80c21d03059e
- SHA256
  
  d68a3fdd922868d3886be6c90f18cf232a0051b68f8232f67743e5b8df0ee914
- SHA512
  
  5eb13cf59fd28235f23c0ccef7ce33db109daaadc9d7f6c3f81ba3891f7fe48193bf5119f11db1e637492eaf5567b67fcb4d87600981828024c30c2e75eaba35
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy