agenttesla | 8a2fcf39d063a677651788eb6c50d8b8afbf9cd779f9b4bb30489ab6632ae79e | Triage

Submit
Reports

Overview

overview

Static

static

Export Doc...3).exe

windows7_x64

Export Doc...3).exe

windows10-2004_x64

Sharing

General

Target

8a2fcf39d063a677651788eb6c50d8b8afbf9cd779f9b4bb30489ab6632ae79e
Size

325KB
Sample

220521-nxyhaahddl
MD5

025da2766c67a99ecc9be93fc9dc5094
SHA1

db7c12176c2451b76f38d32b893ad103543f2b29
SHA256

8a2fcf39d063a677651788eb6c50d8b8afbf9cd779f9b4bb30489ab6632ae79e
SHA512

8a7596557b8797de6e2356f3c3d7ad88125c0dcaca0db11cb9ccbe307a474b47b827ac8862725ed160fd5a1de03e99b8fd10b01359036868f137a62f7c51301e

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Export Documents (3).exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Export Documents (3).exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saamaygroup.com
Port:
587
Username:
ashimdutta@saamaygroup.com
Password:
pawan100

Targets

- Target
  
  Export Documents (3).exe
- Size
  
  379KB
- MD5
  
  610f554a3f2be23144dabbf8071dc6cc
- SHA1
  
  b7fe05e6b16b8a9be9b1b6afbe080f91ba6aaa84
- SHA256
  
  c9068274125d74f39ca0d4833d18cdc22f24676ed7c10ada30399e02ed4d4fc4
- SHA512
  
  ee55296bcb9da951015c43d6a9273f12997b62f24a85f368b8eaac105ee619f017193e1682938cb22860597c8c02e5dee73e4a2a314290c1091d9d57a1e902cf
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy