agenttesla | 7cc3810e9ec12dadac126413d2317a2ee3b5d0cef2d6771aa0b03eaea5039c4d | Triage

Submit
Reports

Overview

overview

Static

static

Swift.scan.pdf..exe

windows7_x64

Swift.scan.pdf..exe

windows10-2004_x64

7

Sharing

General

Target

7cc3810e9ec12dadac126413d2317a2ee3b5d0cef2d6771aa0b03eaea5039c4d
Size

342KB
Sample

220521-b2wg9sfhhp
MD5

a8a2ccd74d0ff53b9fb8655ad5821aa8
SHA1

3e01ab9b98f575213f37f374cd80aafb056118cc
SHA256

7cc3810e9ec12dadac126413d2317a2ee3b5d0cef2d6771aa0b03eaea5039c4d
SHA512

1e43bd1679879b6b0a60cbeb9170658cc820851d5ebb806fd08c4fb04a713d51bc9c04603e5c085a49f6fc551eed09d82d91f52306927521eb4c282887149ae6

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Swift.scan.pdf..exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Swift.scan.pdf..exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ceasmania.ro
Port:
587
Username:
[email protected]
Password:
abc+123ABC

Targets

- Target
  
  Swift.scan.pdf..exe
- Size
  
  387KB
- MD5
  
  b639feeb11fb34d180a8d5e56525f9fb
- SHA1
  
  6692d4456af443bdeac9c221eeb9fb21c13681e8
- SHA256
  
  b9772ef962373f4f5e7c5e4169812301f7739d2df4b1d3dcbeea84d6eed162b3
- SHA512
  
  204ac33876477d553647c231e9a7304c6873ab7e620447b4369a9c80719c2cbbf6c3ef5c594bee8a26f0dd5eb0966b317301b625f4ad86a1fe422daaf2cd314c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy