agenttesla | 7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37 | Triage

Submit
Reports

Overview

overview

Static

static

PURCHASE ORDER.exe

windows7_x64

PURCHASE ORDER.exe

windows10-2004_x64

Sharing

General

Target

7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37
Size

589KB
Sample

220521-aldf3sdchj
MD5

fb0ecb8c3c946332d005ddea5430b273
SHA1

e29289dcfd084f7c8a2d413256243ff889a83db9
SHA256

7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37
SHA512

89d794dfa7a415f8f34151191dc02fa5137fb4ac14c9cb5346f7d247fb2372d9691185c96320fb75ece70cd1b403da46ca9bcb0dd928d4304488bbd821e3abc4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PURCHASE ORDER.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PURCHASE ORDER.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.a-k.co.ir
Port:
587
Username:
[email protected]
Password:
09133434194

Targets

- Target
  
  PURCHASE ORDER.exe
- Size
  
  849KB
- MD5
  
  fe96b4b87c6023b699ccc5ece8485e14
- SHA1
  
  d29f6473b45d6dd8d9c89e376cf87e004278cd9a
- SHA256
  
  ee24bdde3b389e8776f89333aa2a9fe433d8a49c22a7b594b0db8f70b868de1a
- SHA512
  
  7900e2a057a9a13e48d2642d7dbabb779c52263bb002cc20d07a6dbb68b67c4f9ce7b6962d027c184b93a0c9a14ec6b2247c7b05ec59f003aa117f5129f366d6
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy