agenttesla | 8ba994c442daf0e263b24203bf013eff5d99e1efa9ade9a419c41e3c8f3b00d5 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ ORDE.exe

windows7_x64

RFQ ORDE.exe

windows10-2004_x64

Sharing

General

Target

8ba994c442daf0e263b24203bf013eff5d99e1efa9ade9a419c41e3c8f3b00d5
Size

1.2MB
Sample

220521-ph8v5safal
MD5

26aff259fa685a9dfe4e51e4927a4a0d
SHA1

5c510c41adc8c207c65966a7bfe41c972dfd6cca
SHA256

8ba994c442daf0e263b24203bf013eff5d99e1efa9ade9a419c41e3c8f3b00d5
SHA512

299302dee24101c6c359fd67930467ee83ba4c0afac67742d45fa1b4802a44402f88cba638b52997b3f4b83dcab64962447357afec1c4b3adef0d9849d060cdc

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ ORDE.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ ORDE.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
dimple@xliftginger.site
Password:
Naija81,J

Targets

- Target
  
  RFQ ORDE.EXE
- Size
  
  435KB
- MD5
  
  53c5f7bcea55b0ae4fe62addeafda2c8
- SHA1
  
  4d0cbee8db2201af13f987cb5e7527fcf507e2b5
- SHA256
  
  f81ffe76cfa1447a52ab6613c83933a5040b49221bb16c5a86ba416b3026240b
- SHA512
  
  79f6c152a008ffd28b63772f940541c56af5379fea8e254596ef05c2d8231d09fa6ecc91b8ec978cf77e938c4aca39f59656ee00dcc4ed5e26f0ff103ecce888
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy