agenttesla | 3a1869a3ad86bca973acdc80ccc9ae81735117dc0a29a584d5d1db0f8c09a1b0 | Triage

Submit
Reports

Overview

overview

Static

static

The detail...al.exe

windows7_x64

The detail...al.exe

windows10-2004_x64

Sharing

General

Target

3a1869a3ad86bca973acdc80ccc9ae81735117dc0a29a584d5d1db0f8c09a1b0
Size

521KB
Sample

220521-n9lz1saafr
MD5

38d9cabb0f2627a11f2c053ff000f95f
SHA1

b67620f81796a566146b35ba9ad9bcb8979a77b2
SHA256

3a1869a3ad86bca973acdc80ccc9ae81735117dc0a29a584d5d1db0f8c09a1b0
SHA512

aaf52950080d60b8a1edbc6928c501c8c112ab8268da1fc41cc5af051fa00d6b0ad23aeeb14af2e5cf50bcc46577b47a06108ea41905e30be92f7458e9494e96

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

The details for your perusal.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

The details for your perusal.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.emailsrvr.com
Port:
587
Username:
sanits@er.org
Password:
31081985@

Targets

- Target
  
  The details for your perusal.exe
- Size
  
  558KB
- MD5
  
  35f7b91f31292e3c9a4d187e9a4bd4b6
- SHA1
  
  00cf753c6fc011df51acf181cb6e79dc31f35171
- SHA256
  
  7d3068aff051388b3332905ca9a26a10a1cd96441e3be9d908cd839088cc9d65
- SHA512
  
  0b03a1f9efeb651a4f527d66d84572bad7fbb9a4379169910a2674fe54a2d1b19a36dc34cb54d71aa0c8a09b44035f6dd917041f17353e1d81dc31e62bc37bd9
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy