agenttesla | fd78b21bc195701d9e2340ce4fa7af9136c252c7a9c7eb1d8cdfae415ba714a4 | Triage

Submit
Reports

Overview

overview

Static

static

gw3sbbiu.dun.exe

windows7_x64

gw3sbbiu.dun.exe

windows10-2004_x64

1

Sharing

General

Target

fd78b21bc195701d9e2340ce4fa7af9136c252c7a9c7eb1d8cdfae415ba714a4
Size

297KB
Sample

220521-n8dbgsaaam
MD5

83840875d7e3c65b0cb34615fe2cc453
SHA1

9c1fc2928c4457bde0c3b1443ce1cf14171df989
SHA256

fd78b21bc195701d9e2340ce4fa7af9136c252c7a9c7eb1d8cdfae415ba714a4
SHA512

49f8bc8d322ffd312748af7da13b5c0e27493fa4d4e3967ab6d4a078744fba075c1c1e01408bae4cb192cf9e9be3ee4e7e0b2c421a435e6602689314cca6a314

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

gw3sbbiu.dun.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

gw3sbbiu.dun.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.askon.co.id
Port:
587
Username:
ratna@askon.co.id
Password:
r4tn41226

Targets

- Target
  
  gw3sbbiu.dun.exe
- Size
  
  341KB
- MD5
  
  5a14ecb86c759a98f4ed84147eef1173
- SHA1
  
  17149248793858899a5b177791226d91dd55c0b6
- SHA256
  
  d6003d92bb4afadbc8ee04fc35c1e3238c2bbc1ca06fecbb19b8b72c1372cc5a
- SHA512
  
  4e5a6c2a3e49229e0f8c0869f1f499e13e47939422e001804c160982e5b0ffcbc968966b88131521dc7c6afffde752472f66cc2cf29ed75228e091169238851b
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy