agenttesla | b51eefd9069961db219fa4932a1217285e7b2bbe13d2e5648b7789333aec48c4 | Triage

Submit
Reports

Overview

overview

Static

static

SOA.exe

windows7_x64

SOA.exe

windows10-2004_x64

Sharing

General

Target

b51eefd9069961db219fa4932a1217285e7b2bbe13d2e5648b7789333aec48c4
Size

496KB
Sample

220521-nbj3rsddd5
MD5

83a346d61094871e323f2054c9b335c0
SHA1

236364562118e26e5917c93cb37bc58abafd24c7
SHA256

b51eefd9069961db219fa4932a1217285e7b2bbe13d2e5648b7789333aec48c4
SHA512

b2e419da7e7b31bf41d4c8e3020cb959c7716520a059c051014acdf8fb032e7fda7562aebf2b7dd3c0b9e163679fb98df5cd382694cf0099221638a0889f0ae4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SOA.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SOA.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.amexworldwide.com
Port:
587
Username:
sujit@amexworldwide.com
Password:
sujit@41#

Targets

- Target
  
  SOA.exe
- Size
  
  821KB
- MD5
  
  a445c10e946c6374763f1073e3aacdbf
- SHA1
  
  a9dbaa9b65d0506ca3ae92326dba7c1300a9cda5
- SHA256
  
  1c6bb472f44c4e6ddb6b74a9fd411b802dd502a92fe4cce7e4a0959a8030ffb6
- SHA512
  
  8f222f5861969b264165e4cc3e55e30b33774213319ece2526c2e23bd77358c7eecda6fb5ae052850496c8980923c7e1caa150241e6c6cfdb819093de977b822
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy