agenttesla | 4c9b2ac9186158cddca77ae58b415445491079f3721b1126f2f7d30a32913e80 | Triage

Submit
Reports

Overview

overview

Static

static

5

GEA_5556789.exe

windows7_x64

GEA_5556789.exe

windows10-2004_x64

Sharing

General

Target

4c9b2ac9186158cddca77ae58b415445491079f3721b1126f2f7d30a32913e80
Size

959KB
Sample

220521-m81lcadcd5
MD5

890fd7baad5fcc9ff7e72e3aa39ae070
SHA1

d6c5e6943e1accb9e993fbc0cf6a1929d61e21a0
SHA256

4c9b2ac9186158cddca77ae58b415445491079f3721b1126f2f7d30a32913e80
SHA512

c44f6ea6d3d3fe63cac719e14cc59c2aa12c2a52417c2201660983831f320347a31fe8c2517666af7bcb88c74892331697ac0469ec56023228cecfa5cff5b4ed

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

GEA_5556789.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GEA_5556789.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
goksal.sir@prosoftelektrik.com
Password:
Wm^kN*!7

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
goksal.sir@prosoftelektrik.com
Password:
Wm^kN*!7

Targets

- Target
  
  GEA_5556789
- Size
  
  1.4MB
- MD5
  
  f27fed1c7cb331f04fdcfecedc899c7d
- SHA1
  
  abeb646efcb893c29d5e26c01d3cc8b6013b6b22
- SHA256
  
  b4a49ab94a3bc704c6eb3394df82ebae6e04dd139a765db41db66e65457b0673
- SHA512
  
  795c78eb55cc65bfeaf880f2b7f34f929e272f434bdbe6760b3521e02eadf638ff6c8b94c5ee64230cc575edbc8d7293078d9e2d16f6f8056614f6adbea92208
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy