agenttesla | aadeddf7085ebe4c3baef70203b5891e00ca771437f6a99176fe0ce99e965943 | Triage

Submit
Reports

Overview

overview

Static

static

COTIZACIÓ...75.exe

windows7_x64

COTIZACIÓ...75.exe

windows10-2004_x64

Sharing

General

Target

aadeddf7085ebe4c3baef70203b5891e00ca771437f6a99176fe0ce99e965943
Size

455KB
Sample

220520-31shrshha9
MD5

04c5f2dfa1565b642dc1172e884cb317
SHA1

4f3570766f300b711805eb372a8fe5ccb5f7c547
SHA256

aadeddf7085ebe4c3baef70203b5891e00ca771437f6a99176fe0ce99e965943
SHA512

4ae2e650e90dd74d56851d7c93557bdf8e45924c628492d09826cbc39862274ca32d3f410d4b1c8b3477f107b4550b8dfe74cdf7d67dd4db8c7ba5c34ebec7da

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

COTIZACIÓN__pdf_______________________________________________________________________________657575.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

COTIZACIÓN__pdf_______________________________________________________________________________657575.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
SMTP.epaindemgroup.com
Port:
587
Username:
[email protected]
Password:
aduR#@wG#r73

Targets

- Target
  
  COTIZACIÓN__pdf_______________________________________________________________________________657575.exe
- Size
  
  558KB
- MD5
  
  ed125c3cecce28197ac78d02b2b726dc
- SHA1
  
  936593ab3c355cc050d726d1ecb804734256eb91
- SHA256
  
  068f8f5419192944a9428ea625fe56e1e8ad5cc35547988c335293975b952591
- SHA512
  
  44800d2fbb240a54b36420eeb57d65f772f2ef0853392a9234d98108365e3006b79b2f131a659720c7d8917db6e4d6e33c14e619636a521e75819336fa8bbb40
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy