agenttesla | e3afa6bdd57ef6d0c322198de7b83fcb8cc96fe666e875a42502443c251465db | Triage

Submit
Reports

Overview

overview

Static

static

Our Ref MI...2).exe

windows7_x64

Our Ref MI...2).exe

windows10-2004_x64

Sharing

General

Target

e3afa6bdd57ef6d0c322198de7b83fcb8cc96fe666e875a42502443c251465db
Size

856KB
Sample

220521-ndtd8agfdl
MD5

92151d9c5f9cc46978dbb28cf093f2e6
SHA1

62c990a943384ba6d1aba9a67e135d50e46c01f9
SHA256

e3afa6bdd57ef6d0c322198de7b83fcb8cc96fe666e875a42502443c251465db
SHA512

cbb746ba8c0534bb3ff912efa90f199a7d5223d483b3e7bb71ad43931c28580286ee9cc0af2654238f0af06c40c62279a545987deeedf4475ddf238858af4f9c

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Our Ref MIDLGB31 (2).exe

Resource

win7-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Our Ref MIDLGB31 (2).exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.framafilms.com
Port:
587
Username:
[email protected]
Password:
lister11

Extracted

Credentials

Protocol: smtp
Host:
mail.framafilms.com
Port:
587
Username:
[email protected]
Password:
lister11

Targets

- Target
  
  Our Ref MIDLGB31 (2).exe
- Size
  
  1.1MB
- MD5
  
  2aecc1b520754fc969b230fe021f1889
- SHA1
  
  9ac39bf5017c6d23433723b55d869856e138e54d
- SHA256
  
  6c78a32328d131b8e75b30321d925c1e11d38416e744329d4a333822e4cfb7ec
- SHA512
  
  97c62f93147a1fd6dbb4e77f54e675ea61a9f99e31998d9577b857d260d4a81f1cdc13aa3be878b43dfac50861d8d8875a0cb2fe330a15ad5b8d4e550daaef13
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy