agenttesla | 0a6ca6bcc0fb1fd661777bffd8115e5b367f53734248333b95a9e56ad4d79bcc | Triage

Submit
Reports

Overview

overview

Static

static

Invoice.exe

windows7_x64

Invoice.exe

windows10-2004_x64

Sharing

General

Target

0a6ca6bcc0fb1fd661777bffd8115e5b367f53734248333b95a9e56ad4d79bcc
Size

324KB
Sample

220521-pppqvaahgq
MD5

e30789dd94bfc59e604261dba37af90d
SHA1

f466f59ae0a1ce3bb97d82cb2e0ba1255313f0ae
SHA256

0a6ca6bcc0fb1fd661777bffd8115e5b367f53734248333b95a9e56ad4d79bcc
SHA512

28a6caeee9ce167717f57ac4802b6ff25014017babedcda9e6e24c6eaef4e8e2033b66f6542b002d217cd5c4ea746145323a102883780cfce2c8132186d8d93f

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
info@theunitysoft.de
Password:
77*TeneFe!23*montana

Targets

- Target
  
  Invoice.exe
- Size
  
  436KB
- MD5
  
  0a4bc78d379bedfc32e4614ab3388a5e
- SHA1
  
  1d3251d01a6d0ca0c2138bb20f3fbab4be0f4aa0
- SHA256
  
  007a9b9e84d0340480feec469aed51d8428fda32c886068804fc6574f6d0df78
- SHA512
  
  aa86adc21b3b60162442d7a4453619bffaf5aa692c48d4364bd380852002aaa4e77032323e79c88cbe19366f4a51a7ee1950720e58220e755ff1474b77901a06
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy