agenttesla | 9e3692bb1a27ae65d511a86ac28a129d15f3ce3d03e974ab28af07ad87deaa01 | Triage

Submit
Reports

Overview

overview

Static

static

1

95abf03a0d...93.exe

windows7-x64

95abf03a0d...93.exe

windows10-2004-x64

7

Sharing

General

Target

096547f66d02f43f7382c81bed7a24f3.bin
Size

305KB
Sample

230328-bgbmcsaa4v
MD5

3adcd857b1bdb19550993cf194aaeeb6
SHA1

0dacf1e978aa5c591d00ace0c4f57f491490ee24
SHA256

9e3692bb1a27ae65d511a86ac28a129d15f3ce3d03e974ab28af07ad87deaa01
SHA512

13d26d7ebc6fbc210cd62e1430444e01582cf3f1f325e0a1dfac2b3d361d5a6b59a0ae5c8085b35e6c05ac90777ace9655c0e2971c9b98ef67e31e001b722d2e
SSDEEP

6144:raCeLknl+ZHF4iEie07jRi8dcyHtc8NeDBOMrYTjQQ6NoUi/GEUEvt:iwnoNF4W7lndcyHtcjF8jQfW/OEUE1

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

95abf03a0df4af716ca9e0cb1154e3e10753d2be8d299a0ad3e44fb87077ee93.exe

Resource

win7-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

95abf03a0df4af716ca9e0cb1154e3e10753d2be8d299a0ad3e44fb87077ee93.exe

Resource

win10v2004-20230221-en

collection spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5800132992:AAEiAnLbVaQFAl51tOorObI_ia8oF7x04sI/

Targets

- Target
  
  95abf03a0df4af716ca9e0cb1154e3e10753d2be8d299a0ad3e44fb87077ee93.bin
- Size
  
  792KB
- MD5
  
  096547f66d02f43f7382c81bed7a24f3
- SHA1
  
  bd2e0d6a3c5fdcdbbea2b66ea3fdc4a783ea784d
- SHA256
  
  95abf03a0df4af716ca9e0cb1154e3e10753d2be8d299a0ad3e44fb87077ee93
- SHA512
  
  ba8e1ab9e6d6971c11a21d464226837edb23415a06f290efac9c49d014336811323951562858e3735d1fbebe80632976692a24e4dcd907b623182f4d39b2d98b
- SSDEEP
  
  12288:1dcv5cifSJjDGamUkr8ulM7UA54BUVFyYQBJhEd6pgh:NJ/GovulMVOQQBJ2d6pg
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy