agenttesla | 0ae65b19fe6b5d501853314fc933ca799820ddb458bb4264ec1e462c741dc1ae | Triage

Submit
Reports

Overview

overview

Static

static

Dhl Shipme...ts.exe

windows7_x64

Dhl Shipme...ts.exe

windows10-2004_x64

Sharing

General

Target

0ae65b19fe6b5d501853314fc933ca799820ddb458bb4264ec1e462c741dc1ae
Size

272KB
Sample

220521-bypkjsfgdl
MD5

525858682f510e497eb88d398c45083b
SHA1

86336f536bd86727ce793d9444532d0b633b8a64
SHA256

0ae65b19fe6b5d501853314fc933ca799820ddb458bb4264ec1e462c741dc1ae
SHA512

9cf55b753bd2a65d5572c5d3a7490110f044bea5e2c403c36bf08957fc70038b0256ea8696738bec085aef7d2fe5de924beb62494f91cb3a6e828741bfeb99ba

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Dhl Shipment Bl Pape % Documents.exe

Resource

win7-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Dhl Shipment Bl Pape % Documents.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.gruppoei.tk
Port:
587
Username:
[email protected]
Password:
fC%ROLz}R,(*

Targets

- Target
  
  Dhl Shipment Bl Pape % Documents.exe
- Size
  
  661KB
- MD5
  
  d3e448f4a6977cf1ada78b06d98b99d1
- SHA1
  
  a9946cc0334817c714639e533376cf7ff6337aba
- SHA256
  
  fbfa1fd030f6c63104868de7dc73436f4f6c49635b3d25effa4f7423df2349b2
- SHA512
  
  904fc80f94a683fd37f6d647b7836214cb6684b0cc4511aa1a61b026cc0b846dc1ad107ea896fd8a97489ac22671c07f59817a1938a473173b925001de921fa2
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy