agenttesla | 824d441088d742b4e313ebb1782126ec4f3c85229a39b07f285225bd1d89416a | Triage

Submit
Reports

Overview

overview

Static

static

REMITTANCE...f..exe

windows7_x64

REMITTANCE...f..exe

windows10-2004_x64

Sharing

General

Target

824d441088d742b4e313ebb1782126ec4f3c85229a39b07f285225bd1d89416a
Size

529KB
Sample

220521-aje7wsacg3
MD5

bff4bd58e6f552b838fe814e48b014cb
SHA1

5bb2a96c7371e76441635c64c4d0f308b70b98b4
SHA256

824d441088d742b4e313ebb1782126ec4f3c85229a39b07f285225bd1d89416a
SHA512

8b7f9f176cd77008caf367575928d22d7b1023fb0a0a8d75f1e3fb4ee3737671fe065b5de1959b06187b2a66e55e4d9098913df70f8314a771c2cfec20452c10

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

REMITTANCE ADVICE IF01112000212823419.pdf..exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REMITTANCE ADVICE IF01112000212823419.pdf..exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.stankovic.hr
Port:
587
Username:
[email protected]
Password:
mp58zg

Targets

- Target
  
  REMITTANCE ADVICE IF01112000212823419.pdf..exe
- Size
  
  790KB
- MD5
  
  8e2843ecd350a81987669f750bbfe5ff
- SHA1
  
  8a2b87b5b5301ff5846de2afcd44ac968c7799e6
- SHA256
  
  86e731609c61fdf28983435240b0e28b9548ec53863c2db87036f0f79313c33b
- SHA512
  
  0d33b1ea56dec2c29e8875904f75d0dcae25bf26bce9d9e34b528f38b4a7fa458d7dde0fca5d4031c739e12a8ea6293be5d2d19d5e529c93e8460fe06a5617ea
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy