agenttesla | 9e13aae5d25df14c8ec998a4298c35c515a399637807ab94ac3cf9eb2b1e9ce9 | Triage

Submit
Reports

Overview

overview

Static

static

Reference ...ed.exe

windows7_x64

Reference ...ed.exe

windows10-2004_x64

Sharing

General

Target

9e13aae5d25df14c8ec998a4298c35c515a399637807ab94ac3cf9eb2b1e9ce9
Size

583KB
Sample

220521-ab54cacghj
MD5

b40948b69eca7f4323f66c55989c14a1
SHA1

5eac5f0ea770b37a12ab1283b2ca855f21e98c7f
SHA256

9e13aae5d25df14c8ec998a4298c35c515a399637807ab94ac3cf9eb2b1e9ce9
SHA512

336e0e7f340a3f27cc9d4bcb6a29f8c4f0f0c85cc8240107ec5016b9209c642b5b02fb0301cbe1cafbeafc2dc5fd1a9e5d9d0c992fe32b55de7ec8e7ff8b08ba

Score

10^/10

agenttesla collection keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Reference details PO required.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Reference details PO required.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.volivesolutions.com
Port:
587
Username:
[email protected]
Password:
6@[B*n30b7SH

Extracted

Credentials

Protocol: smtp
Host:
webmail.volivesolutions.com
Port:
587
Username:
[email protected]
Password:
6@[B*n30b7SH

Targets

- Target
  
  Reference details PO required.exe
- Size
  
  750KB
- MD5
  
  deb8bf5b3dabe802227395612be4b451
- SHA1
  
  71110e146a14cbf2e878e11375ef9801abb2012a
- SHA256
  
  7f2bd4e2510a0bbc2d9b47c90aea8d83e4cf42df957f3908628ff22730fd00f6
- SHA512
  
  4701efaa4c6a5a73108c6ee1642034c9e413d5853e62220d14257e8b2a32bedef50c539aa18335599c8360f6b75dee68919e038dc21b3cf12ccfc4d9e6132ba0
Score

10^/10

agenttesla collection keylogger spyware stealer trojan suricata
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
  suricata: ET MALWARE AgentTesla Exfil Via SMTP
  suricata
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy