agenttesla | 9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99 | Triage

Submit
Reports

Overview

overview

Static

static

FIRST PURC...ER.exe

windows7_x64

FIRST PURC...ER.exe

windows10-2004_x64

7

Sharing

General

Target

9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99
Size

412KB
Sample

220521-pvcy8sgad3
MD5

22af3dbfea5d7cedf0694f415f6e79f9
SHA1

73e549f8df0c42b6fb133241b8e223e44c3ac556
SHA256

9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99
SHA512

33ab3adbb6106d6bfccdbb8cf44beb769eed23e0b7f3ab12fea4e3a127b470178061b34474b16bf00748221477e9d317d8c9363d827a0362ebc1f49c60cc52ab

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

FIRST PURCHASE ORDER.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FIRST PURCHASE ORDER.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.aquariuslogistics.com
Port:
587
Username:
ajay@aquariuslogistics.com
Password:
AQL@2019#$

Targets

- Target
  
  FIRST PURCHASE ORDER.exe
- Size
  
  714KB
- MD5
  
  dbbac19cfd01ab4e759500a13168a30b
- SHA1
  
  71917c8765aaa6e2869cc1b949bfddf3580457c5
- SHA256
  
  fe41fe0b302887f61f20473015f386ab57ddb4cc278b3e1639c07337012a58f4
- SHA512
  
  caa08b928acff84a762f64c8c18c332db8f546d003085415560bdc265c3c90953d3e54da5e2031d188beca49e8c891966f8f8de66c8202928045acfd7d80d4ee
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy