agenttesla | 4313df6bee4e6025934ff76ed2f7c8924b85f71b029060eede7f66d4b96eb027 | Triage

Submit
Reports

Overview

overview

Static

static

FRtsWDxBpc96ZPs.exe

windows7_x64

1

FRtsWDxBpc96ZPs.exe

windows10-2004_x64

Sharing

General

Target

4313df6bee4e6025934ff76ed2f7c8924b85f71b029060eede7f66d4b96eb027
Size

470KB
Sample

220521-bbgw7abfc9
MD5

4ce44f37fc25f9392670b5d66a6c6ac8
SHA1

11aeb44c9cc2f68ff24f02f90d0b5807ec1fc1f2
SHA256

4313df6bee4e6025934ff76ed2f7c8924b85f71b029060eede7f66d4b96eb027
SHA512

b97bf725e36c25805716de625577f656aa41b2e566f4f456ac8006ae62ffc6243a9f44c6de088fc9fc6e177621303f19327457e2ccc71f57d6cb1387e64babc8

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

FRtsWDxBpc96ZPs.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FRtsWDxBpc96ZPs.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.sardaplywood.com
Port:
587
Username:
[email protected]
Password:
je12vi345

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sardaplywood.com
Port:
587
Username:
[email protected]
Password:
je12vi345

Targets

- Target
  
  FRtsWDxBpc96ZPs.exe
- Size
  
  510KB
- MD5
  
  6fa5d1729bcb93c460bd3bb3ebf53eb4
- SHA1
  
  f6c9df5e9c8a6d19224967b85d87b54287563a9b
- SHA256
  
  05568298144f10100f3882592a8be0a1754c579f581a3db6316d014c7f8ca8f3
- SHA512
  
  1feb1e7d85aa0ae173f510b32b7d5ff1f2cc37b4d23888d6a8f9930f50d8953c11cd4cc363f09dd4393805ef917251ee2ccf28c52a236209207739ba06d91057
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy