agenttesla | 0e103c7539cd3e961dc94175504c6a269eb5845a1e85c1c8936ad6303cae9c8f | Triage

Submit
Reports

Overview

overview

Static

static

New Order.exe

windows7_x64

New Order.exe

windows10-2004_x64

Sharing

General

Target

0e103c7539cd3e961dc94175504c6a269eb5845a1e85c1c8936ad6303cae9c8f
Size

549KB
Sample

220521-n355bahfhn
MD5

0b8229dfc9672b2437c49732cd68ef2e
SHA1

d97fd0d776e8dd6e61757a26e9243e04f62b061d
SHA256

0e103c7539cd3e961dc94175504c6a269eb5845a1e85c1c8936ad6303cae9c8f
SHA512

ed5d4c4985f66ebe95d62b4486b19be0321181bb618192e1f9c7839c53e4a9cf1470454a9fefdc1a37aa6b1cfeb90fc114181f778ce4905b88bd346883821ecf

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

New Order.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Order.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sunkyoungvina.com
Port:
587
Username:
[email protected]
Password:
sun123

Targets

- Target
  
  New Order.exe
- Size
  
  801KB
- MD5
  
  831d4a721603de375526e83516add339
- SHA1
  
  91c8e91b3f62b251a77a081ee942ba03a98724fd
- SHA256
  
  0f75f6670487368f4ba9f5cf419f8f96433a2c4176bd2d07c4a12d0c83963abb
- SHA512
  
  afb4f6c226735b289619645377d269b56967be66438e60a9b9edf7637858f650db3ff0cde45f27c4ec9b092c62a142dbc3c8a565914086a93f0ee7012a61562f
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy