agenttesla | 9e66b6dc6da67edba4a09839d2ab3fed6ccfee437beec9d899ecc1ec6d031258 | Triage

Submit
Reports

Overview

overview

Static

static

E-Order # ...04.exe

windows7_x64

E-Order # ...04.exe

windows10-2004_x64

Sharing

General

Target

9e66b6dc6da67edba4a09839d2ab3fed6ccfee437beec9d899ecc1ec6d031258
Size

400KB
Sample

220521-ab3cfscggq
MD5

7d68a58318d6aad0642f3c246ef80f62
SHA1

9e6aa8ead52e99839c3894c11e4cb0eef4e42d55
SHA256

9e66b6dc6da67edba4a09839d2ab3fed6ccfee437beec9d899ecc1ec6d031258
SHA512

54b1f48dea8ce41ffa5bce227a3750e29493cc85bac247f3d4d1e202a5fe7fb3700b7584e92a75886aab09f23013776b24a5643a05620559cab27a85e4c42a30

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

E-Order # EPHMMR36114604.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

E-Order # EPHMMR36114604.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.macboys.com
Port:
587
Username:
[email protected]
Password:
appleservice

Targets

- Target
  
  E-Order # EPHMMR36114604.exe
- Size
  
  440KB
- MD5
  
  0da7a054e4ae5e6c1c364dc82b31aa99
- SHA1
  
  2cc09c42a23e1acd05945021b9d4a2a42b723309
- SHA256
  
  79c686d932bddbaee7d5468e72d1f6230b1b9f67ae28d45296219a1bd3c99ec7
- SHA512
  
  b0a23e2aa22eae61a32ac57f4fef46413333a1e4debef2a9fdfacd75c9589e279cbe2333849c5e702cc5e195db658637cb74c91f8d93bc85eefa1a00635e8f7b
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy