agenttesla | 693f1fea27c05fd53c8d5bfb0d51da40f1d337fccc2f81b090b0ce92b36c14a5 | Triage

Submit
Reports

Overview

overview

Static

static

Quotation6...9..exe

windows7_x64

Quotation6...9..exe

windows10-2004_x64

Sharing

General

Target

693f1fea27c05fd53c8d5bfb0d51da40f1d337fccc2f81b090b0ce92b36c14a5
Size

370KB
Sample

220521-bawc7abfb2
MD5

a734c3a4a2f35f515548277bf05bbf3e
SHA1

dfc2a4e352f8d1f1e3b6d69ffbfda6b461021cff
SHA256

693f1fea27c05fd53c8d5bfb0d51da40f1d337fccc2f81b090b0ce92b36c14a5
SHA512

f96812649c61c134af39ba5c6a631b99bd6fcdde15e913438ac90c760d852e2aa671054b3cbe834fa32944a04336dd4e8ea50da38eda8ad3a3a6d6c29e59c713

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation655511048786549..exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation655511048786549..exe

Resource

win10v2004-20220414-en

agenttesla keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
mmm777

Targets

- Target
  
  Quotation655511048786549..exe
- Size
  
  422KB
- MD5
  
  7fa97016462d711791fd3b3dd16f0205
- SHA1
  
  1463aca8f64724d51b691a96d0f94a611ddd7d7c
- SHA256
  
  c99d0b434418dcf5e39b3389aebabfd10bd9920e5ca670bdedc08dbd0832dee2
- SHA512
  
  7b94a0df90caf98cd66485063cf93a7548997fc76ef8454462af3e7de00d4baab0b9e4e12b09cf758dbd8cd4259a8d4b8f62c9b69d5683e131d2dfa480f8a1d1
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy