agenttesla | 992602250752df5087c5c3c17d690b73e368f336e77559a3cb102b8c80fcad47 | Triage

Submit
Reports

Overview

overview

Static

static

New Po.exe

windows7_x64

New Po.exe

windows10-2004_x64

Sharing

General

Target

992602250752df5087c5c3c17d690b73e368f336e77559a3cb102b8c80fcad47
Size

263KB
Sample

220521-cyc27aeff7
MD5

495f346fbccd1bbd081a05e5f9a98717
SHA1

e69080f0f69d897d4b39b837ddc03c95ffebebfe
SHA256

992602250752df5087c5c3c17d690b73e368f336e77559a3cb102b8c80fcad47
SHA512

8f8e2198d352c1b064d2f0c5f1af276a85922a1129c2faca53926f7130fa6762e162b2a6f5a6478cab1ec3b09c1165eaf9c497df957899f080508b2d36bde081

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

New Po.exe

Resource

win7-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Po.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.chennairealty.biz
Port:
587
Username:
[email protected]
Password:
Mp@123cr

Targets

- Target
  
  New Po.exe
- Size
  
  740KB
- MD5
  
  41661d4ec98347e7359621a526e7e976
- SHA1
  
  e35dddbc0fbf97a94257039941d6910ffc7615d4
- SHA256
  
  ffb914ef6c0c0b2077f019be5f0fc486ff611af6ba5922bb4f9a44e57565b77e
- SHA512
  
  e84e99a942e93892e5b5d4ceb762f2a8cdcd8926ab62b3d74a0f0c96cc33297d84700e2b2464d327ecf0de887b068444a594bcf1ce0ac1235705ec75724973e1
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy