agenttesla | dbf90e15084a0435f44d21631b48e8c1cddfae971f631cb06647dd6de78873b1 | Triage

Submit
Reports

Overview

overview

Static

static

1

obizx.rtf

windows7-x64

obizx.rtf

windows10-2004-x64

1

Sharing

General

Target

obizx.doc
Size

193KB
Sample

231206-cj7cgsab52
MD5

91dcb6cc7abd7d1fc56b67b167ca0680
SHA1

c50d9452b93bc66d13d5dea119c416180f22a3ea
SHA256

dbf90e15084a0435f44d21631b48e8c1cddfae971f631cb06647dd6de78873b1
SHA512

a23be617a086d2572d5d45153cb14bb8eb3d8728dbc388c5c31e59ce1015d142819866848bd7927a5e903952dad56e40cf3a79c80bbaff2b62e64d7212742fbd
SSDEEP

768:KwAbZSibMX9gRWjtwAbZSibMX9gRWjGfkiHw5A/Qok5:KwAlRkwAlRHflw5A/s

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

obizx.rtf

Resource

win7-20231023-en

agenttesla keylogger spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

obizx.rtf

Resource

win10v2004-20231130-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Targets

- Target
  
  obizx.doc
- Size
  
  193KB
- MD5
  
  91dcb6cc7abd7d1fc56b67b167ca0680
- SHA1
  
  c50d9452b93bc66d13d5dea119c416180f22a3ea
- SHA256
  
  dbf90e15084a0435f44d21631b48e8c1cddfae971f631cb06647dd6de78873b1
- SHA512
  
  a23be617a086d2572d5d45153cb14bb8eb3d8728dbc388c5c31e59ce1015d142819866848bd7927a5e903952dad56e40cf3a79c80bbaff2b62e64d7212742fbd
- SSDEEP
  
  768:KwAbZSibMX9gRWjtwAbZSibMX9gRWjGfkiHw5A/Qok5:KwAlRkwAlRHflw5A/s
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy