agenttesla | 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58 | Triage

Submit
Reports

Overview

overview

Static

static

6014fa46e5...58.zip

windows7_x64

1

6014fa46e5...58.zip

windows10-2004_x64

1

#P0092737.scr

windows7_x64

#P0092737.scr

windows10-2004_x64

Sharing

General

Target

6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
Size

380KB
Sample

220521-ba41bsbfb9
MD5

879bdf3d2ea00dc83062834e36ccf7e2
SHA1

27bca3871a711fa46aff05a6b1ad1ae4cefaeee5
SHA256

6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
SHA512

4a268199330f6982631dc5944988251bdfbfb84cb4bb9e5e15e00f6242b5beba7733a4f9c89fb26ca9458aa9f755f9e1700d8409964ddc4e4ce64b1a541a3035

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58.zip

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58.zip

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

#P0092737.scr

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

#P0092737.scr

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.exoticpools.com.au
Port:
587
Username:
[email protected]
Password:
SIMON3x0t1c!

Targets

- Target
  
  6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
- Size
  
  380KB
- MD5
  
  879bdf3d2ea00dc83062834e36ccf7e2
- SHA1
  
  27bca3871a711fa46aff05a6b1ad1ae4cefaeee5
- SHA256
  
  6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
- SHA512
  
  4a268199330f6982631dc5944988251bdfbfb84cb4bb9e5e15e00f6242b5beba7733a4f9c89fb26ca9458aa9f755f9e1700d8409964ddc4e4ce64b1a541a3035
Score

1^/10
behavioral1 behavioral2
- Target
  
  #P0092737.scr
- Size
  
  431KB
- MD5
  
  eaadfa3ac23981bfb06b63a4f8dbb6f7
- SHA1
  
  3e165aa160c709b1f2172006acf4825ce7892c9d
- SHA256
  
  15dd0d10d29e9a8844179c08a26be2eeb069604549d3470eb82993f6510d469d
- SHA512
  
  203d3812202e6476aa75d0230f69e334d818536baa7b2196e35f05206e01b0a70acfb13f8c519c888b95be641d37037418bc7671cad36c81a532effd39a7229c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslacollectionkeyloggerspywarestealertrojan

behavioral4

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy