agenttesla | 0297de22b433fe7ecee63b5f80b78c4749bb8f4cfec0cd737713d87781d1db52 | Triage

Submit
Reports

Overview

overview

Static

static

import_documents.exe

windows7_x64

import_documents.exe

windows10-2004_x64

Sharing

General

Target

0297de22b433fe7ecee63b5f80b78c4749bb8f4cfec0cd737713d87781d1db52
Size

268KB
Sample

220521-by5a1afgfk
MD5

e1bbf29e91649fd3a3c7a6b20a301860
SHA1

396d67661068020cc743b05e97df210b3912534d
SHA256

0297de22b433fe7ecee63b5f80b78c4749bb8f4cfec0cd737713d87781d1db52
SHA512

9111c7cc8dec1c0a010099ca97c1b25ca5ff2ad0cfc146b8c37749acb0dd895a2dea9203fe880c36a1466e40ed1e3dba2174dc30c7fe6ef940d5f54479d31db2

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

import_documents.exe

Resource

win7-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

import_documents.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.office365.com
Port:
587
Username:
[email protected]
Password:
bhsusa714

Targets

- Target
  
  import_documents.exe
- Size
  
  395KB
- MD5
  
  22f207e5e15c4ec19b80e07fa45967b9
- SHA1
  
  7af28dc2d18281e450738b4a477cd14014458e72
- SHA256
  
  87c88de3a875c7997a34e00e8c7c97577f046332811dcef6cba7c33b37c42396
- SHA512
  
  5912b78fdc9b66639c5deb9d12e8b8aad4c404c6b2e919392e5032ee80a04e91e3cd1e4822ec6880fef0a2a830200a317ffb390745e21f0b0c697a00c71a3cd8
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy