agenttesla | 0a7b89d553db24732595f6ebd09ff05a954084fd5046b6715e7a48a05ad5e7cd | Triage

Submit
Reports

Overview

overview

Static

static

PREVIOUS R...DER.js

windows7-x64

8

PREVIOUS R...DER.js

windows10-2004-x64

Sharing

General

Target

PREVIOUS REPEAT PURCHASE ORDER.js
Size

9KB
Sample

221125-h5h5nsae74
MD5

a72a4dbbc967ec018310133e45d6af01
SHA1

72edb7a0e614564a123ad68bab6bf68763d8226c
SHA256

0a7b89d553db24732595f6ebd09ff05a954084fd5046b6715e7a48a05ad5e7cd
SHA512

7f971e386c7af8235d9ccdaaa1ec0c87e100705d681fa0082920ed1947df28a7a4cc757af98d5b3ca54660af63e53c4b2090dfb364c242f19f0198082ed2f3da
SSDEEP

192:gNVZjxD2SjlKXSwctD7Uzd9e9ac3VpRv5iDOgRLzGgjphitaKSud239x3YB1:gNLjgSjUCwCiud5AqgDI3yxIB1

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PREVIOUS REPEAT PURCHASE ORDER.js

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

PREVIOUS REPEAT PURCHASE ORDER.js

Resource

win10v2004-20220812-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.leonardfood.com
Port:
587
Username:
[email protected]
Password:
K@rimi95

Targets

- Target
  
  PREVIOUS REPEAT PURCHASE ORDER.js
- Size
  
  9KB
- MD5
  
  a72a4dbbc967ec018310133e45d6af01
- SHA1
  
  72edb7a0e614564a123ad68bab6bf68763d8226c
- SHA256
  
  0a7b89d553db24732595f6ebd09ff05a954084fd5046b6715e7a48a05ad5e7cd
- SHA512
  
  7f971e386c7af8235d9ccdaaa1ec0c87e100705d681fa0082920ed1947df28a7a4cc757af98d5b3ca54660af63e53c4b2090dfb364c242f19f0198082ed2f3da
- SSDEEP
  
  192:gNVZjxD2SjlKXSwctD7Uzd9e9ac3VpRv5iDOgRLzGgjphitaKSud239x3YB1:gNLjgSjUCwCiud5AqgDI3yxIB1
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy