agenttesla | 7cbef094aae68414fdd873332597340be798f187d1c33c10df9598c8d5197dcb | Triage

Submit
Reports

Overview

overview

Static

static

Urgent RFQ...02.exe

windows7_x64

Urgent RFQ...02.exe

windows10-2004_x64

Sharing

General

Target

7cbef094aae68414fdd873332597340be798f187d1c33c10df9598c8d5197dcb
Size

419KB
Sample

220521-akhpeadcdm
MD5

4679642eed17c96afca5015c41505088
SHA1

8c39bd50b2ce79c4c62868c494bb21473347c91f
SHA256

7cbef094aae68414fdd873332597340be798f187d1c33c10df9598c8d5197dcb
SHA512

bbbe1717bfeae8c00dd6225f89f9913b607894d3eda740bc397871475e115420193118ed4708348f6e43fc793b4e0e9130e6b99bec05f87b6ee7be4acb07f8f8

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Urgent RFQ -MR-002.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Urgent RFQ -MR-002.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
ckali231

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
ckali231

Targets

- Target
  
  Urgent RFQ -MR-002.exe
- Size
  
  748KB
- MD5
  
  296358935c929c2eec83a1d45bcdf7fc
- SHA1
  
  2a13120aac47dda49a3b1721503bb8cd261cfd89
- SHA256
  
  fa6093150da69da8d7e10fc94dbff851ea8c56ae75b0ee9122cfd0f03bad07b3
- SHA512
  
  4dad91002128d9daec15db6110f3cb38d20875fc8e4f3e455c5bb845f89cec2876970ba2bb8f4b13d58fb87c90aa60fab7d798eeb2105ea8de35128136a4a38d
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy