agenttesla | a0499bdaa5a2407579f7c1a6d60dd3b8fc393f338ed352acf92d0554b4a4e37d | Triage

Submit
Reports

Overview

overview

Static

static

NEW_SHIP.exe

windows7_x64

NEW_SHIP.exe

windows10-2004_x64

Sharing

General

Target

a0499bdaa5a2407579f7c1a6d60dd3b8fc393f338ed352acf92d0554b4a4e37d
Size

1.2MB
Sample

220521-paay5sabam
MD5

b789de7911e1ac6705a9c64dcc5d16f9
SHA1

0e5e37b0a4d6e80b659880b793271ebbc6324bae
SHA256

a0499bdaa5a2407579f7c1a6d60dd3b8fc393f338ed352acf92d0554b4a4e37d
SHA512

24c750cb7aedc4e199d41c1e79feff1945a4341ba5a1b75722a616baac6e53a6ba8227be717b305f003c1a5d840a5854d7ed108772f17a861d0a9648c80977b0

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NEW_SHIP.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NEW_SHIP.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
recieve@resulthome.xyz
Password:
VISION2020

Targets

- Target
  
  NEW_SHIP.EXE
- Size
  
  673KB
- MD5
  
  4d1a801103d87a6bb9d3e26689ef8983
- SHA1
  
  58f798848e53c6d5377eedb384e015a18351e0c2
- SHA256
  
  a6cb21742488b2257cc39988ced61f7ef5be6d3eff506c10fbc265aa560e6bd4
- SHA512
  
  d0989590ae27c069c2b6edd044bf34d83c0712c4a230c229a78a85fd91c6ea45630ac1c3de6ed5c5dfcbc795c390e90f9d58aeec8762b7eea783089c436c42bb
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy