agenttesla | 6b0fe1f4cfb10e06abc3603956fcf0953de6e4ab63a034665d449b4f880366ef | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...10.exe

windows7_x64

Purchase O...10.exe

windows10-2004_x64

Sharing

General

Target

6b0fe1f4cfb10e06abc3603956fcf0953de6e4ab63a034665d449b4f880366ef
Size

325KB
Sample

220521-n6qtsshhcm
MD5

3668fc5c56b2a376e8cefb0171ea15e2
SHA1

72b02f669454dffe97723340b19d020c1aaf19e9
SHA256

6b0fe1f4cfb10e06abc3603956fcf0953de6e4ab63a034665d449b4f880366ef
SHA512

e1d64b6280e25b795182b20586234c20861531500cf7f07ea916fec0908861b9997f6f7f7430b0524250d5999e51efffe1df53f329e4ab9bb10bdd99851f56e4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order - 8279018110.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order - 8279018110.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Purchase Order - 8279018110.exe
- Size
  
  368KB
- MD5
  
  ce16e76c031c756a7580719e65e0ff63
- SHA1
  
  cde97cb49d940071dc5b5d0cb4af0e59ce2a830c
- SHA256
  
  09d051ae9f992668f4b86a538c3483174f491cd16b18ca1e6799eaf1506e4a87
- SHA512
  
  ddd5c2241e07b4d1610d13312e118d0b7558fbf38dc0b4a828f773b4de2ea85a36805940193fe28b3405bdfdc33546f949716471e81c1d737afffec93bd21b7d
Score

10^/10

agenttesla keylogger spyware stealer trojan collection persistence
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy