agenttesla | 9c02692646d031a6f8b802915aa1f971445b78946352c866d3cd671259e01dc1 | Triage

Submit
Reports

Overview

overview

Static

static

TT-Swi4564...df.exe

windows7_x64

TT-Swi4564...df.exe

windows10-2004_x64

Sharing

General

Target

9c02692646d031a6f8b802915aa1f971445b78946352c866d3cd671259e01dc1
Size

449KB
Sample

220521-cxn33aefd2
MD5

e3f6637757e07fa71327c1392d2d1e9d
SHA1

1baaa5c0837e1b9da028aa1ee5a4949a41324f46
SHA256

9c02692646d031a6f8b802915aa1f971445b78946352c866d3cd671259e01dc1
SHA512

e78de51040f260ad001ec0ed3a2580c1de56b5324ee61e6d7c39135bf44f79d93afb4e62b751f3d77a644c43b2545ae599585855e13d557343ebbdd4ddc076db

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TT-Swi45646-Printout-Pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT-Swi45646-Printout-Pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
*7BFOjey!nvc]

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
*7BFOjey!nvc]

Targets

- Target
  
  TT-Swi45646-Printout-Pdf.exe
- Size
  
  544KB
- MD5
  
  5ab4a54a4b071334096ae5fd87ad4840
- SHA1
  
  9bf8bfe4d451916434fd90270bc65b78c01a0d5d
- SHA256
  
  78421571ed40c04719354b6c325569c68109356a6f63ec038dd14060700e8b3a
- SHA512
  
  3352d2482e0273251b8aca9605a4fe0471d26bceef836989ba241d071f247093e1a36c3ff6b477f12040e19a0ce75e8fc13ebf42f53f4d49c2f305563fcc9be0
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy