agenttesla | 386c4326071c1acde4250d879faf8b465669ea204dcc9b0716969624db277935 | Triage

Submit
Reports

Overview

overview

Static

static

b2fK6CUY7ZOdPkM.exe

windows7_x64

b2fK6CUY7ZOdPkM.exe

windows10-2004_x64

Sharing

General

Target

386c4326071c1acde4250d879faf8b465669ea204dcc9b0716969624db277935
Size

469KB
Sample

220521-az7l3seafm
MD5

eabb4c31a1a98fedb8a24b9eee7863b1
SHA1

32ca438eb32c87fbe62ecdb3d16036d6ab7268aa
SHA256

386c4326071c1acde4250d879faf8b465669ea204dcc9b0716969624db277935
SHA512

ca35fa81920c4373309f210200232ca7c5cc7bf435ffc8418895fcc76bd3e157ae8926f6ed7df8b0f719129b4e1e20c6cfd844fc23df3f9eb71f8c385b0adaef

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b2fK6CUY7ZOdPkM.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b2fK6CUY7ZOdPkM.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sardaplywood.com
Port:
587
Username:
[email protected]
Password:
je12vi345

Extracted

Credentials

Protocol: smtp
Host:
mail.sardaplywood.com
Port:
587
Username:
[email protected]
Password:
je12vi345

Targets

- Target
  
  b2fK6CUY7ZOdPkM.exe
- Size
  
  667KB
- MD5
  
  6d2b65710b2167d358d36f4304d5c9e7
- SHA1
  
  bd68ff6f8c8213bc968295c8565247039a829841
- SHA256
  
  59842fc6ee45de0381e917668856445fffcdfd3c6f42c8c229673ff33ff61f99
- SHA512
  
  dd2a05d48315711aa76340b3693fa37917536b0efc7686655d2a9e526e50310a1eef716b22eee60a1a3c77641812d8a3a400f07774bc3046389c471f2e523839
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy