agenttesla | b821ccca0a1ee367bcbafb0a65974deae3acca7bd092402a83ded940e248a9f8 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase Order.exe

windows7_x64

Purchase Order.exe

windows10-2004_x64

Sharing

General

Target

b821ccca0a1ee367bcbafb0a65974deae3acca7bd092402a83ded940e248a9f8
Size

458KB
Sample

220520-3x4fvshfh7
MD5

c3a2e0a628d3c2a2bb1406a460e278d1
SHA1

bd87cb18e87977031aa38272e8d794a068502281
SHA256

b821ccca0a1ee367bcbafb0a65974deae3acca7bd092402a83ded940e248a9f8
SHA512

d2c1acc8b7c5198eaecfa3e1c2f857d4b382d87a34b9c1d06b6e44d40af946dcda553d977ea18bb0f2839f260e0bc73c33f23105fe77de00cff2576f3876e4d7

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.uae-messefrankfurt.com
Port:
587
Username:
[email protected]
Password:
simon080

Targets

- Target
  
  Purchase Order.exe
- Size
  
  575KB
- MD5
  
  bbb2e583f3a61310035419a7e6f79cd4
- SHA1
  
  6491737161ec1d726e91079c38c8b66254bc53b0
- SHA256
  
  a981d607c999451b8d8e26d68f66bb03abc3f6adb961a49308229940f83f6af1
- SHA512
  
  68e48f6b44037daeb98a62d5c97cdb7b334e993e2b03de8884612afa5f0d45a2c3fa62448bf2446f7a624d9ed912de82e9ad99bce84150f75fa6a1ec71c049ed
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy