agenttesla | 8306f3cdd40467e2c851d850e7d8850add41b732a57382562ae9f8b949abc5dc | Triage

Submit
Reports

Overview

overview

Static

static

Commerical...ce.exe

windows7_x64

Commerical...ce.exe

windows10-2004_x64

Sharing

General

Target

8306f3cdd40467e2c851d850e7d8850add41b732a57382562ae9f8b949abc5dc
Size

424KB
Sample

220521-ah6nfsdbgl
MD5

cf9d434e0b5911dca988ff2b3ca43f41
SHA1

39c054e1d964ff6b84546bb7dbe67b8360314386
SHA256

8306f3cdd40467e2c851d850e7d8850add41b732a57382562ae9f8b949abc5dc
SHA512

68fcc0bbb2995d9adc9b36db4df4022949217def183600ac12209b94437856eb89f3d78f07dcf48e4bc1909d2af023c97c53caeeb13c4cd665bb841b11ae4852

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Commerical invoice.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Commerical invoice.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
vicanto1994

Targets

- Target
  
  Commerical invoice.exe
- Size
  
  474KB
- MD5
  
  29e84bff08f40b0ad47e415e284c2b6d
- SHA1
  
  cd4ecfb91c6504bd8fe2da366298a28877f4da9a
- SHA256
  
  55a99c172ecc21abb477851da63336dbc01c67bc90f11d08dacd3ac2995e82be
- SHA512
  
  a39de205f7c07a8268acd4e9986d76ffa5b17849d7a7afa67283a509649a3d0b2e1d61533bc3bbc5c6a1c827cc18492175c5233e1c045a4f502794c4e78623be
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy