agenttesla | 409d12a5b0e51035cbc0150762491840fb8265f3d4ecc82bd8545f336a9c0ea8 | Triage

Submit
Reports

Overview

overview

Static

static

EQUIPMENT ...LE.exe

windows7_x64

EQUIPMENT ...LE.exe

windows10-2004_x64

Sharing

General

Target

409d12a5b0e51035cbc0150762491840fb8265f3d4ecc82bd8545f336a9c0ea8
Size

463KB
Sample

220521-aypd4seabm
MD5

4e8035bfd49f441a0e32c85a3c96f36e
SHA1

5fad2e695e545cede8d476c61f50aa6db1c60d6a
SHA256

409d12a5b0e51035cbc0150762491840fb8265f3d4ecc82bd8545f336a9c0ea8
SHA512

00d5a63057e15ef50f55c7bab9f55b7416769276bda4816edb1f06fdac0c19ca88851b5392390621c7d83acc7ab444112d47b0ff6ad46586c520f6078a95ee2e

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

EQUIPMENT SCHEDULE.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EQUIPMENT SCHEDULE.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
Smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
Alibaba1

Targets

- Target
  
  EQUIPMENT SCHEDULE.exe
- Size
  
  715KB
- MD5
  
  fc65a5a3bd2125f3139bc62bf1022861
- SHA1
  
  30452e8eddb86a9a6221878a9dafb613755503d7
- SHA256
  
  faad832bfb6f193e546aad045e0d90ff28f4b7c60bf0e711a7f5ff8b90fc5039
- SHA512
  
  199cfc53790460c8b920fec7b55519b9b3f0c9df0b689f7c3e8d504f04cce0ec0aa6beed6c194c966add95914797fd958e4fae7719bc28df764854ee99b61c3c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy