agenttesla | 673bf0611827fe48f9e1cb49afe15406467dc4fc1ad01d1c0b16a6c2f368de38 | Triage

Submit
Reports

Overview

overview

Static

static

5

RFQ-19.05.2020.exe

windows7_x64

RFQ-19.05.2020.exe

windows10-2004_x64

Sharing

General

Target

673bf0611827fe48f9e1cb49afe15406467dc4fc1ad01d1c0b16a6c2f368de38
Size

1.6MB
Sample

220521-m8na1sdcc8
MD5

99af45ac209e21fb216a44bcf166987f
SHA1

912c48a956e21a7c6a5d502a05fcadd6bb457c9e
SHA256

673bf0611827fe48f9e1cb49afe15406467dc4fc1ad01d1c0b16a6c2f368de38
SHA512

e84efa2d30cdb834aa3940cc1f7ca2eb8cff668a4876234796632051463f9023f19f8aff4914e2653dfadde9fcc7c7bd2638f0de9a09d3462cbfb47180842bb9

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ-19.05.2020.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ-19.05.2020.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yltab.com
Port:
587
Username:
imre.macsuga@yltab.com
Password:
VdwhsPd5

Targets

- Target
  
  RFQ-19.05.2020.exe
- Size
  
  2.0MB
- MD5
  
  9107953e95b38e558abd8e1ba4dd3c03
- SHA1
  
  78e3599524b5b5d13f01dfbf9cdfe8a65b6a4573
- SHA256
  
  c650f11c8c28f1dc49d06892ded6ab01fac0c3e364b43382a867dc0c9c67992e
- SHA512
  
  2186b1823f09c7ad7be42c49173d7e832e76729735a87a1a32444a7af48847240b149b754b4766f2cf02c3c01aafd0cb29ccfa69bbdbeab0c1e2342d96fcefb0
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy