agenttesla | 491c8c295ce14c9a30a4e0be73835cd7b346e33b20e38d6db1977bbfd2beb285 | Triage

Submit
Reports

Overview

overview

Static

static

INVOICE.exe

windows7_x64

INVOICE.exe

windows10-2004_x64

Sharing

General

Target

491c8c295ce14c9a30a4e0be73835cd7b346e33b20e38d6db1977bbfd2beb285
Size

1.2MB
Sample

220521-pl2k8sfeh5
MD5

4e291d9665d500a45caf8e9a4975d87a
SHA1

3196ad2e14502988736344857aa6c5843ecaf912
SHA256

491c8c295ce14c9a30a4e0be73835cd7b346e33b20e38d6db1977bbfd2beb285
SHA512

783ebe549f0589a594df0ceee7f1dc2485dfea061788cbf17c8dbe5d58ee7fe5d70b86fb509addf2a09ca287e33c01f4f05176eb5f5a78b232425aaa0e01383c

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INVOICE.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INVOICE.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
info@theunitysoft.de
Password:
77*TeneFe!23*montana

Targets

- Target
  
  INVOICE.EXE
- Size
  
  435KB
- MD5
  
  386167a90e854d8b46b239248d9dae44
- SHA1
  
  e9bfeed596a8fbe9ba69a96307230b74515a48d2
- SHA256
  
  5451fd912c3cd8d9b5db9326f2c413905d9f4749f499e1cd5a3488e84bdc4ade
- SHA512
  
  85b5c88a4c02a708e51880d8dc7faaf156352b8212b19bb3637e1d0254990e7e42d0132ebc749e628a616c161b306950ae603dbd807c0c6038343d9a18d3b7a6
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy