agenttesla | c86337b831ef4541b8d4d94ffbee82dbb7e8eda9ef36397395ffa7b468ceace0 | Triage

Submit
Reports

Overview

overview

Static

static

5

order pdf.exe

windows7_x64

order pdf.exe

windows10-2004_x64

Sharing

General

Target

c86337b831ef4541b8d4d94ffbee82dbb7e8eda9ef36397395ffa7b468ceace0
Size

1.1MB
Sample

220521-mnh6kacah3
MD5

3874376726b85bd41ec7aead7f126b80
SHA1

b5d993d3c14ce4d2ec39805070ce1976f2c0786f
SHA256

c86337b831ef4541b8d4d94ffbee82dbb7e8eda9ef36397395ffa7b468ceace0
SHA512

2a1c3a057499bfc1d8b4bfd64a8bd5f93411ca47980e570e932dec5749f0ceb090ab3f7882d9cbb0fe26e80ca3270f9b39f7e44ba7511c4c1c8cabbe2c18e826

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

order pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

order pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.fiscalitate.eu
Port:
587
Username:
[email protected]
Password:
;&7]PU*4yzVJ

Extracted

Credentials

Protocol: smtp
Host:
mail.fiscalitate.eu
Port:
587
Username:
[email protected]
Password:
;&7]PU*4yzVJ

Targets

- Target
  
  order pdf.exe
- Size
  
  1.5MB
- MD5
  
  0fddef8f238a557ca04148218685fe6c
- SHA1
  
  d9cacec62d30c5f817e41a51742f8875ca59fdbd
- SHA256
  
  07ebe4922915c2c0b8457ac0e63ee911a319246845881005f56c5b7707f67161
- SHA512
  
  7f8caea85b236c1ebd0ffd7346f48d55eeef11b84d9bbd8e64180edab579c1e6c6a542ccf87635eb4284a387a373e332a3be7a87891a67443d834a6a0ebf0267
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy