agenttesla | 75cfff8716305022e28387f46165937965c226c0cb410c58c32302af49534584 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase Order.exe

windows7_x64

Purchase Order.exe

windows10-2004_x64

1

Sharing

General

Target

75cfff8716305022e28387f46165937965c226c0cb410c58c32302af49534584
Size

346KB
Sample

220521-nr3j2shbeq
MD5

9940d65f9e971328645bb9e8f01b313b
SHA1

527afdd0896049b05c2887ea1ed2ffa6fa5f9414
SHA256

75cfff8716305022e28387f46165937965c226c0cb410c58c32302af49534584
SHA512

e4b543c92d0aa1125290a3ff3413678607fe8eeb0675d9f77b1830802c37e8d5a14015187eebf67c158cde0ae466e9403298a422bd94fcfaf495b9ba78a42a52

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
07062487004

Targets

- Target
  
  Purchase Order.exe
- Size
  
  489KB
- MD5
  
  e2617fc4c82436c96092b5b812bfa8ad
- SHA1
  
  9337e67fb93d8fec2c64f08156389ae313297faa
- SHA256
  
  777724ddfa6e73aca46c52991e3805ac1fabee9359fa362d9e084f4d2461fa04
- SHA512
  
  96708fde6622ba1d27e349c116c25cea047123cd0d2c3d9e152a81d1c36e5048a9bb478917c13aea174d77ae68447b4634d253b284dcaaa6e37c5443fd4cd5e1
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy