agenttesla | 861f887932a3774522e3e4a054feeb7831039818d84083bcf7a6725ed48aa656 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...58.exe

windows7-x64

SecuriteIn...58.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe
Size

983KB
Sample

221206-e3netshd92
MD5

f6d16703c2aa498d1c7e5bc782f4eb9d
SHA1

13438d12766b5d1f3395fa5bbf7e92d1f340c7d2
SHA256

861f887932a3774522e3e4a054feeb7831039818d84083bcf7a6725ed48aa656
SHA512

550ac465155a3823b6d02e95a20673e24b935f1e9ba61fce724770692eb36086e5c801ac487bdc8608df95b00c74a193dc6232850d46664b78a4bc5cf60e8a21
SSDEEP

24576:HIkrAUkvkoLFcABAUn/vfgC+Cw0byHSXJcr0o6qure:HIkEpsoLFciAUn/z+Cw0b2SXmF6W

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe

Resource

win7-20221111-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe

Resource

win10v2004-20221111-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.symmdentaesthetics.com/
Port:
21
Username:
[email protected]/
Password:
smartooo@12

Protocol: ftp
Host:
ftp://ftp.symmdentaesthetics.com/
Port:
21
Username:
[email protected]/
Password:
smartooo@12

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.3625.3458.exe
- Size
  
  983KB
- MD5
  
  f6d16703c2aa498d1c7e5bc782f4eb9d
- SHA1
  
  13438d12766b5d1f3395fa5bbf7e92d1f340c7d2
- SHA256
  
  861f887932a3774522e3e4a054feeb7831039818d84083bcf7a6725ed48aa656
- SHA512
  
  550ac465155a3823b6d02e95a20673e24b935f1e9ba61fce724770692eb36086e5c801ac487bdc8608df95b00c74a193dc6232850d46664b78a4bc5cf60e8a21
- SSDEEP
  
  24576:HIkrAUkvkoLFcABAUn/vfgC+Cw0byHSXJcr0o6qure:HIkEpsoLFciAUn/z+Cw0b2SXmF6W
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy