agenttesla | 6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9 | Triage

Submit
Reports

Overview

overview

Static

static

order#1152...df.exe

windows7_x64

order#1152...df.exe

windows10-2004_x64

Sharing

General

Target

6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9
Size

409KB
Sample

220521-nf71dsggfr
MD5

1351a881f56e3d405f6a1ce470c456c0
SHA1

396e01b7202d08bb8304c68c59ce7f626c30fe1e
SHA256

6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9
SHA512

6bac91b3e61674e5af766cdf6354aede65d99f5ada7d629bb674d6baa03e3c8c28c4654bd4ee8dcde478c43cb477d5fe36de32cfd613b7474e26b9c633db186d

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

order#11520520_pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

order#11520520_pdf.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.imatechwiring.com
Port:
587
Username:
zappoh@imatechwiring.com
Password:
2rldD]X4QNvq

Targets

- Target
  
  order#11520520_pdf.exe
- Size
  
  507KB
- MD5
  
  470f80a9b3a8ba2d54ca509363602daa
- SHA1
  
  38c14c6b0a1bc83de9242d8c7aeb15e9f6c3359b
- SHA256
  
  ede1cc754e047082946e0e3bdc5487406aa36881da14fc3f15fcf2d3265e8757
- SHA512
  
  da60b321d237b4ae7a8a7a16dd63d46bbd03cbc1b26aa36d2893103d2ff8b271a5612cb091f90372ac86c3a9b276b3586515a307240539fcaf8b52f2e8637715
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy