agenttesla | 117fac29259144eea01437fba5a89e49c773b1d5184c42f3a3735e8d7045f7e4 | Triage

Submit
Reports

Overview

overview

Static

static

45676576545_pdf.exe

windows7_x64

45676576545_pdf.exe

windows10-2004_x64

Sharing

General

Target

117fac29259144eea01437fba5a89e49c773b1d5184c42f3a3735e8d7045f7e4
Size

374KB
Sample

220521-bybzfscff2
MD5

954d11e7a5e8ebdc131ea7c6f6aee3a2
SHA1

261d11b8eb8b99aca2b82cb4fe8d4a53fc2e8562
SHA256

117fac29259144eea01437fba5a89e49c773b1d5184c42f3a3735e8d7045f7e4
SHA512

359b321427a53cfb314836e647fe61c7fc08ce48bce9e77856c689752dfd3b2968a04b8390c50c28251c57ddea97eb5d4b077ab0e7b899732c454817d8c27efc

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

45676576545_pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

45676576545_pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
princehero1234

Targets

- Target
  
  45676576545_pdf.exe
- Size
  
  491KB
- MD5
  
  01bc7d05b6e6507b7017abee3579738a
- SHA1
  
  147377bb8597a119fc318059335ae0f96687f844
- SHA256
  
  8883f73f1e34a42362cd116db607dd2cbf33616249a68783ec6a0455b72d8bcb
- SHA512
  
  97d413bddf67399c988f0a963dbbae7284e9343ea3ceeb1d8a96eb5a937daf8b61898351e12f5e95a29cba60741d8f0275f4b2988ef2eba26ef4feca79608dcf
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy