agenttesla | a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6 | Triage

Submit
Reports

Overview

overview

Static

static

Transfer slip.exe

windows7_x64

Transfer slip.exe

windows10-2004_x64

Sharing

General

Target

a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6
Size

474KB
Sample

220521-aaqbhahhe4
MD5

0d1dedb62312754d9ae601664c41b09d
SHA1

7ab06c4e8b15bc2c6d6fd9d8414a2b135ebc67dc
SHA256

a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6
SHA512

a25958216d625dfbcfc0dff208c7f91acc2b8b4442b5514e7e8be0534fbf26f1e5bb39fcb03cfda387d92568457afc437635552af51be37deb400a4d79fe486d

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Transfer slip.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Transfer slip.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
locowise12345

Targets

- Target
  
  Transfer slip.exe
- Size
  
  621KB
- MD5
  
  e9047a742afd9baafd5ddc59aab49707
- SHA1
  
  1526c70019d3f9c5e13b411c4c7d5274d56354cc
- SHA256
  
  b5168cc25cfcd2e305a680adc90e657dbaa81433f49d1cf10ded3e83062697ee
- SHA512
  
  78fb957dbdb947557720f63fa01afcc18e17c26f1676646ab73a6c2fb1aec7f16c624d78b3c87b4d2b19c2b1d078fc64ecda40637180153847b643310f6e51e6
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy