agenttesla | 8c8ff96bd74a2c98b5e54cb467e01ba161c174e22a64da7a1301305c926fe463 | Triage

Submit
Reports

Overview

overview

Static

static

TT.exe

windows7_x64

TT.exe

windows10-2004_x64

Sharing

General

Target

8c8ff96bd74a2c98b5e54cb467e01ba161c174e22a64da7a1301305c926fe463
Size

212KB
Sample

220521-af1pesdaer
MD5

51ed2094895a9d59ab0ee754da581e93
SHA1

4804ba235addc7e1e9be991c9f2f09983dd96d3c
SHA256

8c8ff96bd74a2c98b5e54cb467e01ba161c174e22a64da7a1301305c926fe463
SHA512

c49632956ff17e01c6be811c45c11f30668d43d029396d669ca16e780115b0b2ce026e3026a88234490fb9452126f4ee472f07d9c87c51161cd16fede1597888

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TT.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.qualitypulse.sg
Port:
587
Username:
[email protected]
Password:
10EWR0203486364

Targets

- Target
  
  TT.exe
- Size
  
  392KB
- MD5
  
  12c6c1f0e5fb3368ab6554107edd565a
- SHA1
  
  73c727ccc4a8fc0309f42a1aa85a63ad33298577
- SHA256
  
  229e18e155787dc908a3a479c9c07b06fa40a17cc56a80bae93d7a2694ff8af7
- SHA512
  
  1c0c02234507af9607e1772f996bbe57d818c1d5a2a402b6bb1e9a60825b7c4382a88d00d3ba330ec667e3077d82fe9031bc63fe3078a03e21f9f13b44b73347
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy