agenttesla | c22c6f9d19638ea1551aacfbcaff86e9b6426eb38eed5826c6b6c11053081c56 | Triage

Submit
Reports

Overview

overview

Static

static

revised or...ts.exe

windows7-x64

revised or...ts.exe

windows10-2004-x64

Sharing

General

Target

revised original documents.zip
Size

831KB
Sample

221002-pql2cafae5
MD5

99992ca6681872fa3ae9ea82a006d50e
SHA1

11ffd10747a7d1b4ff88b16b2694a0a6c89664f6
SHA256

c22c6f9d19638ea1551aacfbcaff86e9b6426eb38eed5826c6b6c11053081c56
SHA512

e3211c30671f58a3301a2d811e30ac15244b55bae85e8d5291d80b00fac3aaff0de17482e0c4dc408054dd2a6aa47a6d8b236e8638213f059267854afda9a582
SSDEEP

24576:tuKePaHyKnyZAGgDUB/TaQ4d3+H0ZnnxHUFN+y:wksZeU5Ahx0iy

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

revised original documents.exe

Resource

win7-20220901-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

revised original documents.exe

Resource

win10v2004-20220812-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.sseximclearing.com
Port:
587
Username:
saurav.roy@sseximclearing.com
Password:
Ssxm@9854

Targets

- Target
  
  revised original documents.exe
- Size
  
  1.1MB
- MD5
  
  cc98bc7f6a37ab1e9ec3e3257e15c854
- SHA1
  
  bc7a13f6051b7ffb0d4f969ba24614f88cea0035
- SHA256
  
  c30e355a92bee2c46c8e7cb9dea3532e99579e68b3a147d566dd8929a99d5893
- SHA512
  
  dbed212a92f976384034deec7f8a773d90db42c33ef5e5751b35227a5abf1fe634c688f35bbe50931f2963a8e09cba7a81e07d825d862869c7d862d9b5d9f5bf
- SSDEEP
  
  24576:q1Uv6ZAkgpwBVTKQMj3WH0DBnrsFFjrX:qTZ0wru9rsFFP
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy