agenttesla | f1ff478a7d34676393c480932ec4c3b17c790d1bb1ea719d21b55efce7042677 | Triage

Submit
Reports

Overview

overview

Static

static

Inquiry162020.exe

windows7_x64

Inquiry162020.exe

windows10-2004_x64

Sharing

General

Target

f1ff478a7d34676393c480932ec4c3b17c790d1bb1ea719d21b55efce7042677
Size

381KB
Sample

220520-3krljahaf9
MD5

cd7bb1fc6034ee1eb6a0a9e973c52e83
SHA1

2e8bb474df1f60e582fae7731592f3d73acc09ad
SHA256

f1ff478a7d34676393c480932ec4c3b17c790d1bb1ea719d21b55efce7042677
SHA512

b148f67ab16f4417a0e0c684e42c00e52c1e9a2272c4227f4a2096aa5471cebefb80d8c463b54820190ab68004ee36d25cd499766ed6e1d18aab790fc6457848

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Inquiry162020.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Inquiry162020.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
anyanwu3116

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
anyanwu3116

Targets

- Target
  
  Inquiry162020.exe
- Size
  
  561KB
- MD5
  
  545f0d6c85e724cdf181bbb695d6adb1
- SHA1
  
  d2593a8ab114593c16b77914acddd9d917fb58a1
- SHA256
  
  b6e27dd859c2b932284d6a65629a1df3f262ba01b11c56281935dcf6beecdf8f
- SHA512
  
  2b896a6b3f09148a5b912d5a4e2cf0014ddd52abc3ba38f67ca79bfc53f440802b45542cc9b4cabedd5c8e0cea9f413c0a368f98fc04adf4ad7af456cb6dceee
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy