agenttesla | 0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919 | Triage

Submit
Reports

Overview

overview

Static

static

23RF-6292020 (2).exe

windows7_x64

23RF-6292020 (2).exe

windows10-2004_x64

Sharing

General

Target

0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919
Size

349KB
Sample

220521-b6sbeagbej
MD5

46e1a696a7a038e547773f176ec46985
SHA1

11c5e51624e94f3cd6b4c98ee3896248b7587cfa
SHA256

0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919
SHA512

94770b6b6ef2620f09095ca688b14b0530e9651d797eef9d531107e0b273ed0152a34a67e9f29d2bcc4788ff23d63bd78155bb18c30ef0d3c3ae92bcaaf3ca94

Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

23RF-6292020 (2).exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

23RF-6292020 (2).exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rajapindah.com
Port:
587
Username:
[email protected]
Password:
#r4j#citeureup#13

Targets

- Target
  
  23RF-6292020 (2).exe
- Size
  
  404KB
- MD5
  
  1d0c89e5eda4b9ec0262235d7cab44bc
- SHA1
  
  31b5017599bcdd9e98aeb42abe6e736d08924eb9
- SHA256
  
  09e3903ce69ce7833be44661f3c02fdee3304b78afcb1314344f7e8c9588e4a7
- SHA512
  
  6ce5dc1028daeec162b825ee8ca09713617d702b439e4c620f79e7d621c00df66ed505c203ae038f909f1dc76a6033e19bfd6bc500f0ab3839806ab5f2faed45
Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy