agenttesla | 6eb7b74ec39eea1a0b9f4aa7e956b1cee9fbd96d4b7cc909de553c6b7b8d5d27 | Triage

Submit
Reports

Overview

overview

Static

static

PO3340-22052020.exe

windows7_x64

PO3340-22052020.exe

windows10-2004_x64

6

Sharing

General

Target

6eb7b74ec39eea1a0b9f4aa7e956b1cee9fbd96d4b7cc909de553c6b7b8d5d27
Size

622KB
Sample

220521-pkjn2aaffn
MD5

1e979d7d9a3881fc0a2d6a8dffc70e11
SHA1

5da5c43c7002484496379714bbbc0933a38ea1f0
SHA256

6eb7b74ec39eea1a0b9f4aa7e956b1cee9fbd96d4b7cc909de553c6b7b8d5d27
SHA512

507bbd216ea4e2c1bf4de9b5ee94111185986b1fd0684b1e3d12107255551eaa62e64f7565640ca36e68ed1e5cfd9de6cff2727c407b706693eea6b061ffc860

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO3340-22052020.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO3340-22052020.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.impressindia.net
Port:
587
Username:
zip@impressindia.net
Password:
!,tR}%PDdI0N

Targets

- Target
  
  PO3340-22052020.exe
- Size
  
  544KB
- MD5
  
  35c5e71f48be7d9def690629f4ccd29f
- SHA1
  
  e0220c136536a09798dcbe6ba3149359a6b05939
- SHA256
  
  2a4abd200745105770d74dbf311c5c1b4cfff4ce743cadd3d0cce2060648a119
- SHA512
  
  da227731023ff11bb9ea4e391ebfcf27fb83e52cfefd9ea58fbeb3d632bc56bf751c684e4f6c8ec6feb2c7a47df1a3256b07798156bf7af5476ed15f6d0afaa6
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy