agenttesla | 667b9a701b198ccd2e8a80aa087afd75eb056805086cced0b7bc107142558a9b | Triage

Submit
Reports

Overview

overview

Static

static

PRICE_IN.exe

windows7_x64

PRICE_IN.exe

windows10-2004_x64

Sharing

General

Target

667b9a701b198ccd2e8a80aa087afd75eb056805086cced0b7bc107142558a9b
Size

1.3MB
Sample

220521-apq7caaeh7
MD5

20aa3ba82a4de0cfa1bd2a30f583ca11
SHA1

ea0247da6e269cb90e63e749651ba99f6c8b2ac0
SHA256

667b9a701b198ccd2e8a80aa087afd75eb056805086cced0b7bc107142558a9b
SHA512

cb24a62e10052aa8f44226d835d3f6eaa0c28d47b10eedca211dc1c6a6a0a5e832968e8cb21d54f6055ac3073b5123b83a2c69e9df2a069ce734bc544614304d

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PRICE_IN.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PRICE_IN.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
lasco4000@@

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
lasco4000@@

Targets

- Target
  
  PRICE_IN.EXE
- Size
  
  760KB
- MD5
  
  d8e4b336d3cea4fccdf15d91710d253b
- SHA1
  
  cf8d29721db66b16216315f2474c7e29f0a06af1
- SHA256
  
  144e37b521d59ab49d1e2f132802e8cc93f863ccaec2904b6914335ec2681cd1
- SHA512
  
  a9191c0174e5f6152c0fbe3490b9fd3d2908e0e5adf34e94222d249b959a1c0d4e996fb0c758600ea859a619ef79951443f4256056530919cabe1f1d4351e103
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy