agenttesla | d47679272e0703a72acb1256f5ec4fe1a937867a934757cd18d739d41c04e3dc | Triage

Submit
Reports

Overview

overview

Static

static

Herewith a...ed.exe

windows7_x64

Herewith a...ed.exe

windows10-2004_x64

Sharing

General

Target

d47679272e0703a72acb1256f5ec4fe1a937867a934757cd18d739d41c04e3dc
Size

409KB
Sample

220520-3q686scccr
MD5

b4c3aeeee490b8f38416b177c642f321
SHA1

87a4798275635badc544539227948c1fe4a375b9
SHA256

d47679272e0703a72acb1256f5ec4fe1a937867a934757cd18d739d41c04e3dc
SHA512

af8fee00d296bdd39a71b4949acc1a78f75a8108162ef64f7d9011f01ef8d947e39eb4d03dcbe4450b3e6246652a45fad54ae4868c9a9f5a4639004bba807e22

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Herewith all the scanned copies as required.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Herewith all the scanned copies as required.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.hraspirations.com/
Port:
21
Username:
[email protected]
Password:
computer@147

Protocol: ftp
Host:
ftp://ftp.hraspirations.com/
Port:
21
Username:
[email protected]
Password:
computer@147

Targets

- Target
  
  Herewith all the scanned copies as required.exe
- Size
  
  487KB
- MD5
  
  7ae34697625f5ce346cd7981faae04ee
- SHA1
  
  a91f9ef9f38be360fde0afd5d7993b863d3eeafc
- SHA256
  
  70e42d439e0edb6d2a475dc3e51380469ed3c2e2d3e1a063705e60d0db2cdd54
- SHA512
  
  413b92815d9aaa074b9247eb4a5f77982d5c15a500f73c579161210f40fc70fea911107d773c93c79df7d1274c192a73ee062df71c3837c653e5e773a065ff80
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy