agenttesla | 8aa2115c37d26f08727c93059a9c7b16f442185a3370405b435deb9be8dbcf28 | Triage

Submit
Reports

Overview

overview

Static

static

IMG 24344 ...DF.exe

windows7_x64

IMG 24344 ...DF.exe

windows10-2004_x64

Sharing

General

Target

8aa2115c37d26f08727c93059a9c7b16f442185a3370405b435deb9be8dbcf28
Size

400KB
Sample

220521-brszdsfddl
MD5

d102c47079981272eaa11c9e9c7438b8
SHA1

7729bdeeda8d124e37327222b89cb6622b7dce23
SHA256

8aa2115c37d26f08727c93059a9c7b16f442185a3370405b435deb9be8dbcf28
SHA512

417df46fea3d979df498df99333f08a8181cff7696b0f72f6fcee634c07ce7b721e2d132dbef0ab6a8f60662d5c09d3b20453843fb5b829fef73bc2cd18660c9

Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IMG 24344 NEW ORDER_PDF.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG 24344 NEW ORDER_PDF.exe

Resource

win10v2004-20220414-en

agenttesla collection evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.candenizcilik.com
Port:
587
Username:
[email protected]
Password:
519025

Targets

- Target
  
  IMG 24344 NEW ORDER_PDF.exe
- Size
  
  423KB
- MD5
  
  28fe82a91916a43d7912560322d5042a
- SHA1
  
  3f203b3f888487fe4afc0f99fd51906788e70449
- SHA256
  
  fcf065630d1e02025c3ffe61405ccf6df1f2bf2ecc375a5122a1fc4ad4a4368e
- SHA512
  
  72953b2d5fdd774d2336267d27b068ec6fd522f4ba45b07007b1ce10d69f3a3685a58edce208aecd4b3c436457aa3866e7a9dabafdee6455eed1f09a37e34504
Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy