agenttesla | e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06 | Triage

Submit
Reports

Overview

overview

Static

static

9

Industrial...te.exe

windows7_x64

Industrial...te.exe

windows10-2004_x64

Sharing

General

Target

e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06
Size

487KB
Sample

220521-n837xaaadq
MD5

a06b6eb93c99815ab73d6fbaceb59ae3
SHA1

e145826eed3e0f4d1cd5246df61626bb44eed297
SHA256

e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06
SHA512

2e2017bd61785ba2aea8884a6d5a2d09b2a16b1ed16414b62f2e8553668ef5a85d5ab8e029d88190b7d967527175a970fead017cd284b1ae554277fb4935a5f9

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Industrial machine quote.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Industrial machine quote.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
victormuller10@yandex.com
Password:
Mummy212

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
victormuller10@yandex.com
Password:
Mummy212

Targets

- Target
  
  Industrial machine quote.exe
- Size
  
  522KB
- MD5
  
  41615850b17ff0e5c9ea11e7b26e4ef2
- SHA1
  
  f9aea47b955a88f08082aea6e5e86bc9561fef89
- SHA256
  
  4664b88274ef7c903d7eb7c18ab51ba8109640210334f648d696afcecf935ddd
- SHA512
  
  d0ac0663f4293e1bddd7fc0c7964e51f2d3dde6e9b05d551fd85ef4103662b1dfb538823d30488b7aa0034de12bf309e01c06975515fbf3ed3462d80c8c08a1e
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy