agenttesla | 618e5a645e7860f6eb3c64e205f94d7b31e5108f1bba32f512b4bd765b7bd66f | Triage

Submit
Reports

Overview

overview

Static

static

CvLcJcAjI2qE7PC.exe

windows7_x64

CvLcJcAjI2qE7PC.exe

windows10-2004_x64

Sharing

General

Target

618e5a645e7860f6eb3c64e205f94d7b31e5108f1bba32f512b4bd765b7bd66f
Size

504KB
Sample

220521-aqz6msafd7
MD5

1d60c44d6a3fc33552a6ac3cfcc17a78
SHA1

0070fce2fd6e1cb9d2f8e546ef391be9765cbf47
SHA256

618e5a645e7860f6eb3c64e205f94d7b31e5108f1bba32f512b4bd765b7bd66f
SHA512

3eaa555bb9a27af3964bfda71210a873b6a7528542176fd0d6f5f971cd47f826d6275f038e5a327da5c5b983eabf4852a0bc908de2f0b6eb55a0c7a0ca9a6235

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

CvLcJcAjI2qE7PC.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CvLcJcAjI2qE7PC.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sardaplywood.com
Port:
587
Username:
[email protected]
Password:
sup123st45

Extracted

Credentials

Protocol: smtp
Host:
mail.sardaplywood.com
Port:
587
Username:
[email protected]
Password:
sup123st45

Targets

- Target
  
  CvLcJcAjI2qE7PC.exe
- Size
  
  759KB
- MD5
  
  f53e16683cf99b5f4fea1a92663649b8
- SHA1
  
  40a48b027e0285be2d7f3ec13972d2a43b789275
- SHA256
  
  d46f5dde6c8522b2720eb3f72e3a78853fed2683844610e8fe7b774629b0a33a
- SHA512
  
  04d997dd7ec311e8237656388882f6f005f85a57adba3a98101de08e57421cd0deee1761d845868800dc455e4ce1f2a9626ef05acf90f5d8a653ec8eae960f52
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy