agenttesla | 4e7eec05176fb9f3542905ba6ec354d59f41866ea0ee3557d3f83039756f8a18 | Triage

Submit
Reports

Overview

overview

Static

static

PO3142020.exe

windows7_x64

PO3142020.exe

windows10-2004_x64

Sharing

General

Target

4e7eec05176fb9f3542905ba6ec354d59f41866ea0ee3557d3f83039756f8a18
Size

887KB
Sample

220521-n8e53saaap
MD5

27aed45941ffbd600f34f40af42ec92f
SHA1

13516d82057145c8fdc14f73343ac842af7b5132
SHA256

4e7eec05176fb9f3542905ba6ec354d59f41866ea0ee3557d3f83039756f8a18
SHA512

7d34b75bbd3ec4bd2afab189b42e2c5115e422d7c6b3271d04e795ae85044825a5ad90f5ade2a53b25e69a78c5c943a8a56219f14c92d19e1964c5d0743000b5

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO3142020.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO3142020.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.radarcncs.com/
Port:
21
Username:
admin@radarcncs.com
Password:
8,4=M~_i,5NV

Protocol: ftp
Host:
ftp://ftp.radarcncs.com/
Port:
21
Username:
admin@radarcncs.com
Password:
8,4=M~_i,5NV

Targets

- Target
  
  PO3142020.exe
- Size
  
  919KB
- MD5
  
  4b846a96f8f355ac9b9314265b5dbbea
- SHA1
  
  44825a48d60b3dff26e0c2d12b26491830d58de0
- SHA256
  
  7992c7a13287cca6f8528dcd6ee08e95367634aeb1dae73f3e194afbf1fe98a9
- SHA512
  
  26e7c84ff854a678b97d8aa8966ef9183b0d2355b786c2aa10600825c0498f77f5028031e0ed8973591ec85dbbb69ec86a71e6dc8c744c21281e7bedc5ea630d
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy