agenttesla | a6e525064d378f66580bde838ce261b90bd4845f8353c56951f866a783b5d564 | Triage

Submit
Reports

Overview

overview

Static

static

long overd......exe

windows7_x64

long overd......exe

windows10-2004_x64

Sharing

General

Target

a6e525064d378f66580bde838ce261b90bd4845f8353c56951f866a783b5d564
Size

383KB
Sample

220521-nrg84shbej
MD5

9e473f377a63ae2604cabd99740124fe
SHA1

3fc71572403980cd8f154b111f175d7275426c87
SHA256

a6e525064d378f66580bde838ce261b90bd4845f8353c56951f866a783b5d564
SHA512

bf5488782ffcd853f1d0fc2049df410cf6504e57df3cb94b18b9be01a96e92e3069ae3731ab04fd4a85a52c809c57860713b1e828398b8d9cb4a4d72a8a50154

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

long overdue statement...exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

long overdue statement...exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saamaygroup.com
Port:
587
Username:
[email protected]
Password:
pawan100

Targets

- Target
  
  long overdue statement...exe
- Size
  
  471KB
- MD5
  
  3d9e92eb84c67c184740c2e6f70c8be7
- SHA1
  
  f0a594d073858e1127ae7f4c7a57965a99f06f2d
- SHA256
  
  afd0f03e321e33d0651d4a3e7c8c3da6e2fb3407fcda6bfc1fcbca5f78a6ae5d
- SHA512
  
  a5e4d3c3b02c62110d03ac8d3107f803fe521eb210c9582bb2c97a097a7c3bb7d48b84cdd8a6e36add10294f87c9417cea8c14e712d9d0655eafbd8bc7f67362
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy