agenttesla | 9756c3a6a94089500e36dc605d50a4365c656274c78f0d0416a3d331510f5ab8 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...df.exe

windows7_x64

Purchase O...df.exe

windows10-2004_x64

Sharing

General

Target

9756c3a6a94089500e36dc605d50a4365c656274c78f0d0416a3d331510f5ab8
Size

416KB
Sample

220521-n12n4shfal
MD5

a0d9a3ae7fb3a99edb55897f7f194bed
SHA1

2987843ee0f0059742f7232cc2fe13c1a5679a65
SHA256

9756c3a6a94089500e36dc605d50a4365c656274c78f0d0416a3d331510f5ab8
SHA512

84f9d3b51642001a6198cd7b581225554a5223ad4946260cb3537bc519d3327a4ff351abbdd98594ab5968da529e789ada626be5d5eb7575fbcc7b7f1e4251f4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order - PO -SLD GRT-07480.pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order - PO -SLD GRT-07480.pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flsrnidth.com
Port:
587
Username:
[email protected]
Password:
x{Op,7(4O+yl

Targets

- Target
  
  Purchase Order - PO -SLD GRT-07480.pdf.exe
- Size
  
  764KB
- MD5
  
  622edc1b39bf1ed986b68ab25bdbfe5a
- SHA1
  
  1789b39de2c8bd681333248b39e2231d85e5956a
- SHA256
  
  d757bb9a190984035e621c9be0d393a9ba6de60bca0256ad7268e68eea276cdc
- SHA512
  
  7ed09875d52815c51c0b49e7ba0466f3d69dc7ab0c1b705fdd3eab80e6b2ed98b0df5a4b87e53e9516f6817deba20d379e87444ae559a945e286bfe40133b4d9
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy