agenttesla | c3e4ef601f74d417fc6eb43f476a53e99c61f78b3890205b9d51ca9896eea229 | Triage

Submit
Reports

Overview

overview

Static

static

Our Comapn...le.exe

windows7_x64

Our Comapn...le.exe

windows10-2004_x64

Sharing

General

Target

c3e4ef601f74d417fc6eb43f476a53e99c61f78b3890205b9d51ca9896eea229
Size

352KB
Sample

220521-n1bgxshefn
MD5

2525beb5c8adfa8d81efd475963d5c66
SHA1

f267beef8064d09ce8aaa42b2c3157be02238036
SHA256

c3e4ef601f74d417fc6eb43f476a53e99c61f78b3890205b9d51ca9896eea229
SHA512

81d899712067a8a2734812d92ff0ff00075e61efa294ec20193798d108467894a6ea152270764d0e3dcf6543a9255c268812906f20b4fa3ef5297c0b7ef7f334

Score

10^/10

agenttesla agilenet collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Our Comapny Profile.exe

Resource

win7-20220414-en

agenttesla agilenet collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Our Comapny Profile.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Dmacdavid

Targets

- Target
  
  Our Comapny Profile.exe
- Size
  
  511KB
- MD5
  
  dffe94f322f08bfa232ec74132bba4dc
- SHA1
  
  295f6e2d6ba25039dc7e060f58cca62e76a3cea9
- SHA256
  
  c7b49d64f3d9a7201d376c1c85085e8aed8b2911e0a7049047a6e8df62e0d70b
- SHA512
  
  96c86b0a473cccf48b8efa032331573a9fa948b09227f8f0902da8b11b761cd36021b524fd569f26cfcac1fa7b6f04e8df9e09ab440d3339205982c5e5af6939
Score

10^/10

agenttesla agilenet collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaagilenetcollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy