agenttesla | 7a4f051a912be89903a8f1221516fafdbacdff7f86362a27ed16e9343abc244b | Triage

Submit
Reports

Overview

overview

Static

static

SHIPPING D...TS.exe

windows7_x64

SHIPPING D...TS.exe

windows10-2004_x64

Sharing

General

Target

7a4f051a912be89903a8f1221516fafdbacdff7f86362a27ed16e9343abc244b
Size

559KB
Sample

220521-ak5h6sadc8
MD5

c274a08b5c872900f7f86ae70ede6364
SHA1

afc38e47dbe164390e25076302c4b4a03836e83e
SHA256

7a4f051a912be89903a8f1221516fafdbacdff7f86362a27ed16e9343abc244b
SHA512

f285c8d82cb1699497ddf7b8311dc85e4c565f4ac60ed15d46b98f39e851f4168ebf58ffaccf24cf62dd7489b7e20711073011273bd47449517f915cf451e54c

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SHIPPING DOCUMENTS.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SHIPPING DOCUMENTS.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
challenge12345@

Targets

- Target
  
  SHIPPING DOCUMENTS.exe
- Size
  
  740KB
- MD5
  
  2374afb9995036716d57a36341f6d6c6
- SHA1
  
  64ce83971c2aa6c5ab6b75d4869cbd9c5a23d457
- SHA256
  
  e157307a0ae395f69fc74b41439b15540f0782dc03b0298146f928e88344dc86
- SHA512
  
  bee3229351493064f9902465a2bba62c0fee7aaeac312eda9a1c67ad494dd060fa5210908d270569043585a6cff4bd5da29c17f2eecabbdab39226a8f4f2956a
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy