agenttesla | a6d985c984742eaef4baa9647cb3de87a5de7e2f3a33e63d255a29d1bedf2b46 | Triage

Submit
Reports

Overview

overview

Static

static

POLwtksTxCFgqh7.exe

windows7_x64

POLwtksTxCFgqh7.exe

windows10-2004_x64

Sharing

General

Target

a6d985c984742eaef4baa9647cb3de87a5de7e2f3a33e63d255a29d1bedf2b46
Size

424KB
Sample

220521-nrh6eaeae5
MD5

3a63a5e9ef5caa805c9bcfef5213618e
SHA1

af2571ba0e6b9afabae02c44690ed9c7447e18eb
SHA256

a6d985c984742eaef4baa9647cb3de87a5de7e2f3a33e63d255a29d1bedf2b46
SHA512

d6ff9015b9cfa0441c746b7b1155b6dd68d4442802215f2a315f32ae5de997bd563b0c312262289267098340f094b660a1d44f7dff13bcc31905da3e0b7d255a

Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

POLwtksTxCFgqh7.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

POLwtksTxCFgqh7.exe

Resource

win10v2004-20220414-en

agenttesla collection evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.islandkingpools.com
Port:
587
Username:
accounts@islandkingpools.com
Password:
Accounts$678

Extracted

Credentials

Protocol: smtp
Host:
mail.islandkingpools.com
Port:
587
Username:
accounts@islandkingpools.com
Password:
Accounts$678

Targets

- Target
  
  POLwtksTxCFgqh7.exe
- Size
  
  469KB
- MD5
  
  5d272c686eeb536b59cc1e899e47c07b
- SHA1
  
  a40f0308d6566b917ac5a612d6f9eca57f63eca6
- SHA256
  
  a563a898ce1c8dcac374ef8a468e39a185ca3b010f1a41b60731a7beac23f846
- SHA512
  
  d25dd0d00316b7dc68caf58b1eae4478edea1d1ff6b65cc797b6b11029a0e8f3d72b770fcf43d8f717631832d20b76069924c361c7fc13c25f2329920f705ad3
Score

10^/10

agenttesla collection evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy