agenttesla | 28b8a6d5f87043dd78a7a608c7b74637a5d43e2ddee6a2378e23edc224055577 | Triage

Submit
Reports

Overview

overview

Static

static

MM20ROMNOR...87.exe

windows7_x64

MM20ROMNOR...87.exe

windows10-2004_x64

Sharing

General

Target

28b8a6d5f87043dd78a7a608c7b74637a5d43e2ddee6a2378e23edc224055577
Size

235KB
Sample

220521-pdkbzsacel
MD5

5ebbdfca73a38ef721651601ca74eb9a
SHA1

627f84c97a7383d35309e36459af3947c1386e49
SHA256

28b8a6d5f87043dd78a7a608c7b74637a5d43e2ddee6a2378e23edc224055577
SHA512

8a487730c5fd049f783d09ac97e05eff2bc56eadb8c3cf43c8c66f51af798ed0671d8eb12b0cd1eb65cc947d3bc60a4ff76de371c996e67b2eea80c7764b8b48

Score

10^/10

agenttesla agilenet collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MM20ROMNORIN000387.exe

Resource

win7-20220414-en

agenttesla agilenet collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MM20ROMNORIN000387.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  MM20ROMNORIN000387.exe
- Size
  
  602KB
- MD5
  
  14f5466475d76194d720e3ad4ccc7cec
- SHA1
  
  df8c73e5029b2d6be696441ebd1519ef08b3ab29
- SHA256
  
  6def60b69deb5f2daeddbf624f84f03ec1bb971a8e49c67da3cbf3749a2ecdc7
- SHA512
  
  3c691d08d9b475b3822d84e1e00ed3dd2f43ecc3c55468ad9321935c91253883070364eae08f8be221a27122bc808b4ce6ac219817d78c9bd93f1f2912689912
Score

10^/10

agenttesla agilenet collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaagilenetcollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy