agenttesla | 7ace5d45a67e84cfc93e66018e4785d0b0f59e0748e40394279211a256e72e03 | Triage

Submit
Reports

Overview

overview

Static

static

Shipping D...df.exe

windows7_x64

Shipping D...df.exe

windows10-2004_x64

Sharing

General

Target

7ace5d45a67e84cfc93e66018e4785d0b0f59e0748e40394279211a256e72e03
Size

393KB
Sample

220520-3gxy5sghc7
MD5

c916fb169ff7466902909cc291b6f3bd
SHA1

5feb7daf05e3806854ad510c87789a487c8c9129
SHA256

7ace5d45a67e84cfc93e66018e4785d0b0f59e0748e40394279211a256e72e03
SHA512

f0d629ea249f6359abcaf48972ba80c413779b1ce447ac9f079435565f4a2bb7926179ae3d51af65bfc2a135857b23fbd10c9a24f1c8eb9727bf38b75d2a9f45

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Shipping DOC -Arrival Notice For BL - 120910126192 Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipping DOC -Arrival Notice For BL - 120910126192 Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Loverboy123

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Loverboy123

Targets

- Target
  
  Shipping DOC -Arrival Notice For BL - 120910126192 Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe
- Size
  
  580KB
- MD5
  
  7e5f63f90ee013c483f9ed7b9caef45e
- SHA1
  
  2ac11e9f8fb8ce13780a9412e3c5096eda574afa
- SHA256
  
  a18c873be684866e0cd0493c18d7c6a37d5842217ef411ae92b0f47232288c06
- SHA512
  
  5c3c72b0395da197ccbbdf37e3a1fb120fec4becdd418de4a294636526a33c737533c258dabd10ab9aba1553bfc6903e4ee886e7b2d95b0a468add5e3c321ec7
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy