agenttesla | 0ec65850335ec681a3eeff1a5aaa05485fa5997bbe3c669eb1bda9100bb3d67b | Triage

Submit
Reports

Overview

overview

Static

static

invoice.exe

windows7_x64

invoice.exe

windows10-2004_x64

Sharing

General

Target

0ec65850335ec681a3eeff1a5aaa05485fa5997bbe3c669eb1bda9100bb3d67b
Size

324KB
Sample

220521-ppdnksfga8
MD5

027154360c373f7f09bc0d4fe6605340
SHA1

d475a247ff458f0b25be868a53c1cae13f78d265
SHA256

0ec65850335ec681a3eeff1a5aaa05485fa5997bbe3c669eb1bda9100bb3d67b
SHA512

9204ff52d68786c2c9ebf964d2703d275c389d93d545a951518f3c2f50b91e7d4ea25cdb407dfbef343f269530643230d1338f1daa17adde65bfb807816b5256

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

invoice.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
info@theunitysoft.de
Password:
77*TeneFe!23*montana

Targets

- Target
  
  invoice.exe
- Size
  
  435KB
- MD5
  
  1408f36656fc33e202b9c94a1a1e834f
- SHA1
  
  419b16277e612d1367f954bb4674d91cfbf4fea8
- SHA256
  
  d5414c39cce4d671db2abfc5879a2a2e97a60313070d37c359b01b50f201aed2
- SHA512
  
  2db1823d75dc6f7c8ee6efafd7c3c78a3668360d4fca935a9a5dbb3b056bf3d399c3714bc37ce2b108a903a24fed701deff68e3004f8c2f4cbf71c1a662c62d9
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy