agenttesla | d89923d8fee69637c73b4b9bee5b62dbeb4aca00ad71d2595e8a2937223f8413 | Triage

Submit
Reports

Overview

overview

Static

static

28273_pdf.exe

windows7_x64

28273_pdf.exe

windows10-2004_x64

6

Sharing

General

Target

d89923d8fee69637c73b4b9bee5b62dbeb4aca00ad71d2595e8a2937223f8413
Size

596KB
Sample

220521-pr879sbbbr
MD5

b3b41a847d3a647a384a3ae1cb8f894d
SHA1

edffef7b3332d62e58e2754781227f80805973d1
SHA256

d89923d8fee69637c73b4b9bee5b62dbeb4aca00ad71d2595e8a2937223f8413
SHA512

05df9eb6d60b5e3bea8f8c5275909fb246bf1dc5f3dce804b01a152ee99755d02c3b146a344109b82d4257d4f212612feeb3559eae88eae4b9509ee60fbd84d6

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

28273_pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

28273_pdf.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.impressindia.net
Port:
587
Username:
[email protected]
Password:
Simbi!@#

Targets

- Target
  
  28273_pdf.exe
- Size
  
  518KB
- MD5
  
  e771e9ad3b315af96417f8afb43277d1
- SHA1
  
  191e14a19791415e893a48d5877ac1c9374c3895
- SHA256
  
  9b7f18795309cd9c9caafad0151d83817f72f1e1caf506b4173d62a988a5e2ec
- SHA512
  
  2dff31bfe24297fc27b95948baa00f07e3c59973418294c57bd496b1e15248c623347357dc2b0fc61ce3e389d9f0cd1d2a16042c374bc41301503f33c9865282
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy