agenttesla | e7fdcc7b5868a0d68b1c531668c2b57ee2e5bbbe2d6da99025a577413376a372 | Triage

Submit
Reports

Overview

overview

Static

static

5

New order....B).exe

windows7_x64

New order....B).exe

windows10-2004_x64

Sharing

General

Target

e7fdcc7b5868a0d68b1c531668c2b57ee2e5bbbe2d6da99025a577413376a372
Size

1.2MB
Sample

220521-mnehdafbhm
MD5

42b30b43f6f5bfcefeea91c26754c629
SHA1

bb15b11fcef23103b7d2dba646a59883fb306a31
SHA256

e7fdcc7b5868a0d68b1c531668c2b57ee2e5bbbe2d6da99025a577413376a372
SHA512

b6429bcb989bbc28adadc17ae7eae11fb9fc39b2249899577b0957a5fa2ea7f2cafa3b639f34a4bf81634b7ae436b1881d8fcdf9ffd7560cec4d4210a3cf3bc5

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

New order.xls.zip(~1.1MB).exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New order.xls.zip(~1.1MB).exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
chiamaka1991

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
chiamaka1991

Targets

- Target
  
  New order.xls.zip(~1.1MB).exe
- Size
  
  1.6MB
- MD5
  
  e472d3a6d5bb5a1e8e173c2d9a8552dc
- SHA1
  
  997b8d1a66b133dea2bcfc87889578d6c5a0f5f5
- SHA256
  
  7b43d2b9046f44a08e2c3eca7fd8d87410c72c79f597697f2fd2585177b52403
- SHA512
  
  cdcc7e537d0167a3586d07c09c18bae7467dd0e613100593598257a2bb97fa9f8f7d50ea509463d2fd489a6c489dd7674cb9fbf196fcfa452e9b6bdb54148408
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy