agenttesla | 54b87c735e53dc46cb15851c539dd0d020850f36df0fe8847b3b646ef7f3bb09 | Triage

Submit
Reports

Overview

overview

Static

static

Payment Ad...DF.exe

windows7_x64

Payment Ad...DF.exe

windows10-2004_x64

Sharing

General

Target

54b87c735e53dc46cb15851c539dd0d020850f36df0fe8847b3b646ef7f3bb09
Size

427KB
Sample

220521-nsh7sseag3
MD5

86fc6cd4ff9da68ac2d0851dc43c955a
SHA1

1bfef6007bb095d8b5a0922199f4843e2165e806
SHA256

54b87c735e53dc46cb15851c539dd0d020850f36df0fe8847b3b646ef7f3bb09
SHA512

373eecd2183957f6ada03fa585f9d4f39382da5935a64174228e1718677fc37044d80ba95d69f73851a8d23f578cb053bf2d476226bda6311216fc6ad9c1c33e

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Advise 16th-06-2020_PDF.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Advise 16th-06-2020_PDF.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.karcek.com.tr
Port:
587
Username:
info@karcek.com.tr
Password:
Ahmet.6193

Extracted

Credentials

Protocol: smtp
Host:
mail.karcek.com.tr
Port:
587
Username:
info@karcek.com.tr
Password:
Ahmet.6193

Targets

- Target
  
  Payment Advise 16th-06-2020_PDF.exe
- Size
  
  598KB
- MD5
  
  fbc4dfd8c27de605878999bb9f926476
- SHA1
  
  2cdf59053c9e0dab274f669e7d469c6d4c765164
- SHA256
  
  8f7831eb11d3b735517f5a32630d2c610caf3046e39c60c08fb42d0d864aa3b7
- SHA512
  
  6a6ba3853e6c8b7497ede01f1e55bd5322945923271eca402b85587e6abb74d08933df1a06f6a9083301894b71848ca0320e34a834efad5a547fd4579ded4b30
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy