agenttesla | ce20ed1addaacee45455d1860e4db0147df147db101397595847be0bbf034ba8 | Triage

Submit
Reports

Overview

overview

Static

static

Payment Advice.exe

windows7_x64

Payment Advice.exe

windows10-2004_x64

Sharing

General

Target

ce20ed1addaacee45455d1860e4db0147df147db101397595847be0bbf034ba8
Size

472KB
Sample

220520-3sv9pacchq
MD5

9cfef83d9fe5e5a6698095c9587fdb60
SHA1

275844ff56fd005d16a68f6ffda40763b66ab09d
SHA256

ce20ed1addaacee45455d1860e4db0147df147db101397595847be0bbf034ba8
SHA512

2f369be63aed01f3b9a89cee44087ba62ba91b659e2af084a279cd15b3dfe7c44eed0a8385916a080a3ba90b4fddd5ee808af0529cd3eb41b07f3aaafa440a7c

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Advice.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Advice.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.rezuit.pro
Port:
587
Username:
[email protected]
Password:
FHh@IY!6

Targets

- Target
  
  Payment Advice.exe
- Size
  
  583KB
- MD5
  
  7756e27c0e1bf3a7570dc64d25f7b2b2
- SHA1
  
  c7310dbaf416667d9bcd2ea3223e76abbc1223f7
- SHA256
  
  00318700fdcaaec780be04e2902af39ef9864e977db257eec6c8d3792d7aa085
- SHA512
  
  558ec71918509504948c2c0ab6ae3eeb13f5b8321579a75ac2bb825b7821edcb94e7b0afab0cbc7e190b07c5c37c7f58ab4d61ad287e9134c1ccd36e57fc307c
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy