agenttesla | 43f1a085b9a6e7f26fdbb1f0f98a8a89311b492bdc78704b8dc2418a1915e1f9 | Triage

Submit
Reports

Overview

overview

Static

static

Bank Deposit_pdf.exe

windows7_x64

Bank Deposit_pdf.exe

windows10-2004_x64

Sharing

General

Target

43f1a085b9a6e7f26fdbb1f0f98a8a89311b492bdc78704b8dc2418a1915e1f9
Size

535KB
Sample

220521-n3c4jahfep
MD5

f621a162b936626cc37d70b3ffefe304
SHA1

c22ae3b16f3cbeb5a0ef65d1a6302f8d2d4e0d39
SHA256

43f1a085b9a6e7f26fdbb1f0f98a8a89311b492bdc78704b8dc2418a1915e1f9
SHA512

b6fadde4d177247173039c35d3ee76a30b04ef9420d6e0336d89d9d97c0bd520fa611339680aeaa7011f0b24b2911e534d0dcee41532576d6f643c56ef6d3d35

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Bank Deposit_pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank Deposit_pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
jiucUVn4

Targets

- Target
  
  Bank Deposit_pdf.exe
- Size
  
  846KB
- MD5
  
  12bb6076dd7e2d3c4150ae025e7292d0
- SHA1
  
  eeb7ed4ad7a419e5160ae862748a6fe34a1dc0f2
- SHA256
  
  618fbb94c6c3b6726a543156d6d23efffb5515395c327d7e58cf8c9eb45b5825
- SHA512
  
  84bbbc6552a45f3d224ab520d4e654d8f123beea001e7f3ac6ab4367c6bbc5245b7cfa1e8c1dc43de24060e3874a31924c2630b064ba424611a72d63e38c7ee7
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy