agenttesla | bbe4d7f761f6307dcbaf517ca5983221e1d8a53aa56c6b2f05c33f8f13513614 | Triage

Submit
Reports

Overview

overview

Static

static

Informatio...ts.exe

windows7_x64

Informatio...ts.exe

windows10-2004_x64

Sharing

General

Target

bbe4d7f761f6307dcbaf517ca5983221e1d8a53aa56c6b2f05c33f8f13513614
Size

503KB
Sample

220520-3xc9nshfe6
MD5

7a49fa3fc99202c7f376bb7f2d56a601
SHA1

4f9b99bf1debffab76ca883872afba5693b1a9e1
SHA256

bbe4d7f761f6307dcbaf517ca5983221e1d8a53aa56c6b2f05c33f8f13513614
SHA512

6cbf4e23db056be2f6170fbf6d943dea8d4f35510b4d82fc6e155851db7d88bdb62851033ffca14057c950c95ecd48256067158047d42f56cac87d06eda48815

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Information and requested documents.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Information and requested documents.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.hraspirations.com/
Port:
21
Username:
[email protected]
Password:
computer@147

Protocol: ftp
Host:
ftp://ftp.hraspirations.com/
Port:
21
Username:
[email protected]
Password:
computer@147

Targets

- Target
  
  Information and requested documents.exe
- Size
  
  758KB
- MD5
  
  c32cd33fadb4de3563ca97d7bf9df4ae
- SHA1
  
  b8ea747a906942e1089bafa3c253d8ca53b6acbc
- SHA256
  
  31c08b891a2cdd18895f42d331783f628cf27dca9ee41691e206fb0e6a57471e
- SHA512
  
  7b7a5342109ba84e1489271ce036d6e5b7eed0b498282e45f9944d2a451de9d988da8183c102e609ee60765af7dc600577fbda9ab7ae88732c8e8a0c8d433abd
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy