agenttesla | 3d3550693068ce7798061d4d792024a2c3c93573f13e0a08edd10a501b7af8ee | Triage

Submit
Reports

Overview

overview

Static

static

1

Transferen...ia.rar

windows10-1703-x64

3

Transferen...ia.exe

windows10-1703-x64

Sharing

General

Target

Transferencia de copia.r00
Size

787KB
Sample

230328-m856tscc7s
MD5

c72b15c0cfe5a085b4164f72cfef7492
SHA1

a5c4e3e801e9dd666c770f097d822b266a0c2d6d
SHA256

3d3550693068ce7798061d4d792024a2c3c93573f13e0a08edd10a501b7af8ee
SHA512

29d3e16473eed49280904bdabeafbc9fec90fc0c6834ccf1859f87239a7ee36800d93928177737a0f03f95028d82562d234aabf7ea455ab752ef01f37c13ad59
SSDEEP

12288:R1C+aDIABbHVaQPNu58WXbNqCiRwql0cbsDWzOY4M7ZZiP3cEDrpcWbcRAn:H7u1lglbNqBDbsuOYjZEc0lW+

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Transferencia de copia.rar

Resource

win10-20230220-en

windows10-1703-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Transferencia de copia.exe

Resource

win10-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.coldiab.cl
Port:
587
Username:
felipe.flores@coldiab.cl
Password:
C0ldi4b2021npsw.

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.coldiab.cl
Port:
587
Username:
felipe.flores@coldiab.cl
Password:
C0ldi4b2021npsw.
Email To:
administracion@coldiab.cl

Targets

- Target
  
  Transferencia de copia.r00
- Size
  
  787KB
- MD5
  
  c72b15c0cfe5a085b4164f72cfef7492
- SHA1
  
  a5c4e3e801e9dd666c770f097d822b266a0c2d6d
- SHA256
  
  3d3550693068ce7798061d4d792024a2c3c93573f13e0a08edd10a501b7af8ee
- SHA512
  
  29d3e16473eed49280904bdabeafbc9fec90fc0c6834ccf1859f87239a7ee36800d93928177737a0f03f95028d82562d234aabf7ea455ab752ef01f37c13ad59
- SSDEEP
  
  12288:R1C+aDIABbHVaQPNu58WXbNqCiRwql0cbsDWzOY4M7ZZiP3cEDrpcWbcRAn:H7u1lglbNqBDbsuOYjZEc0lW+
Score

3^/10
behavioral1
- Target
  
  Transferencia de copia.exe
- Size
  
  1.0MB
- MD5
  
  9f73f51c34999bd30c41ff45b417b578
- SHA1
  
  7abbf5b0553b39d8501671561d97f20624976d16
- SHA256
  
  69053ec4d9bb824c9e644af7701c3a004af55cd76d3079d9ab79c13d141ae652
- SHA512
  
  e1362852fb8b03fcb81c9f22a458ed9e8fe2a98a01cd23adfc32c6f1f4b10195effdd67a54f0b5e166dc22d4b8aa700f69d61c0c114f388e2b00a4cc3a1233cc
- SSDEEP
  
  24576:j5U6hLdFCXOv8e2nxec/AIeyp9OlQfGBM/vyLdFGLdFmDe1J:1TfFC+2nd/Fu9FuF4eH
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy