agenttesla | 4d7ab9269873230761c581e689fbf2a2c2ee27b0417f7d2dc744aba3ae026baa | Triage

Submit
Reports

Overview

overview

Static

static

PURCHASE O...PY.exe

windows7_x64

PURCHASE O...PY.exe

windows10-2004_x64

Sharing

General

Target

4d7ab9269873230761c581e689fbf2a2c2ee27b0417f7d2dc744aba3ae026baa
Size

419KB
Sample

220520-3cwwaabfaq
MD5

2a4878796dafc9e089d494655e3e00c1
SHA1

fa270fa2fda225ff3171b8ab30cdd20cbb2e08f0
SHA256

4d7ab9269873230761c581e689fbf2a2c2ee27b0417f7d2dc744aba3ae026baa
SHA512

805759e6be08bf142d31e05be2329fedc369abff52d5c39041f3eb2b00d8836752922b9c306abb3251a8ee9ed9efb6c2f68bb59c8b752fe57ef171fd25d2f058

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PURCHASE ORDER COPY.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PURCHASE ORDER COPY.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.taiemerica.com
Port:
587
Username:
[email protected]
Password:
JuCbr%o3

Targets

- Target
  
  PURCHASE ORDER COPY.exe
- Size
  
  485KB
- MD5
  
  6927d6f3b944792f8ded8a5573f146e1
- SHA1
  
  8e8a2d6d76e266a63740fea720ee9dd8ae637a2e
- SHA256
  
  61252e269429d13733b530dc84094e7dacd56cbf157959314d4dd6029c6ff531
- SHA512
  
  ef87ab3434580e479c9b022bdc6a5e2f9ba2b4ea1786e94ef398d1918b14586bc8341f501c00d762ba5ab44d84c7e5d2bf55aab86fc67d7cca23ddd27b304f92
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy