agenttesla | 391efe10896bf499fc925486977ff31c400b4356c05bcc5f6cde2cdeca4d728c | Triage

Submit
Reports

Overview

overview

Static

static

REF-091100679-BEC.exe

windows7_x64

REF-091100679-BEC.exe

windows10-2004_x64

Sharing

General

Target

391efe10896bf499fc925486977ff31c400b4356c05bcc5f6cde2cdeca4d728c
Size

2.9MB
Sample

220521-n3hc9ahffm
MD5

88a15ec9074875aea41b4656dfcbc8e7
SHA1

1dd9a1c5c87b974fe2b4e3620ae8d45a368a050a
SHA256

391efe10896bf499fc925486977ff31c400b4356c05bcc5f6cde2cdeca4d728c
SHA512

2549323dcb77ee72b2109ee3d4817149728f14e0a5dc533d09c2201956fe484ac5e9db76c235b0bede397d760cde64e7dc6534335e2fde71693498c9b3842ec4

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

REF-091100679-BEC.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REF-091100679-BEC.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  REF-091100679-BEC.exe
- Size
  
  3.4MB
- MD5
  
  eb418cc79fca67e60db5625ef121773b
- SHA1
  
  660a24da2ba60704e4bc093b22dd66ff19b6770d
- SHA256
  
  8948e4e0f392197b1c1436e5f7a2a7bc326c849b6129d8cf287a6d6a03cd642e
- SHA512
  
  59f0992496b81b166f0ea1bf75e3a8e7d759ec4fcb20b163849f4e2c3cb1c384952b7ed93942bab95b92102a39d42209bf4502204206dc9c93fe218de4cdda91
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy