agenttesla | 7dd9950cfbe6feaab2eba055ba3144b50371ecbca3f476375d2de26123486b1f | Triage

Submit
Reports

Overview

overview

Static

static

SOA.exe

windows7_x64

SOA.exe

windows10-2004_x64

Sharing

General

Target

7dd9950cfbe6feaab2eba055ba3144b50371ecbca3f476375d2de26123486b1f
Size

348KB
Sample

220521-nc6yxsgfar
MD5

018c1db7d61b78ec03a8a73d89ab35b4
SHA1

8e32a75e33d34a5416bcf4abfe38b1094c2c819c
SHA256

7dd9950cfbe6feaab2eba055ba3144b50371ecbca3f476375d2de26123486b1f
SHA512

7edf273e17f8cbde795a282e8a8e7343d132063b79eb2c0f6da7596ac226fbc0a93885108139118f60170dfa300b5247046f4a6ee8bf8c02006037b7785507c3

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SOA.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SOA.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
leonardo.doro@yandex.com
Password:
bigboy5570@@@@

Targets

- Target
  
  SOA.exe
- Size
  
  416KB
- MD5
  
  59c3cd7474ff46cf6ec70bb387663b19
- SHA1
  
  b60ca2275182a0aaeadaf5097752ed2477297383
- SHA256
  
  713485dd990b5f709f17842623a1f3b8bcc381d98436683ab828b4487d338ba3
- SHA512
  
  e49bfeb064f5ea25e4a4b2ad7c142c99468d7f59b3ab148c0e8b05105c99d095941be2c00ee79bab82a132ab9fee4ffb555b3169997880ef1f2ffaeeca36352c
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy