agenttesla | 480399626e44d18f78ed91b3c8340fdcf9fbb3025030d14b35090c8790aa19b0 | Triage

Submit
Reports

Overview

overview

Static

static

3

PO.exe

windows7-x64

PO.exe

windows10-2004-x64

Sharing

General

Target

1098a8aa665d5e9f93f657799015005f_JaffaCakes118
Size

594KB
Sample

240328-1ebxsahb3t
MD5

1098a8aa665d5e9f93f657799015005f
SHA1

4bfca85c4f7866d5a8c50ce8583c600294285a95
SHA256

480399626e44d18f78ed91b3c8340fdcf9fbb3025030d14b35090c8790aa19b0
SHA512

c3f7b6dd85cd5cb5fcfb3090164067dbc4b00b410c44726614ffb78d0b7ae198f0bc3c9acb9c5388f83127bd376504bf9acef0e3903794f9ab9f35d83ba89e68
SSDEEP

12288:zikwIaHJIqslFyNO93M1t3JB8LlBG1p9Hk4FGcrl:zikhYJIrKNOKfGlBqGCl

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO.exe

Resource

win7-20240221-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO.exe

Resource

win10v2004-20240226-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0023.prod.sin2.secureserver.net
Port:
587
Username:
nbsupports@seshsupports.com
Password:
User@40378

Targets

- Target
  
  PO.exe
- Size
  
  640KB
- MD5
  
  77d0521505f69632ad6740ff52a29790
- SHA1
  
  a771c88ec2e7d267474ced87d047673de3d86df9
- SHA256
  
  b36fafecaa9f3252bc38d71ef8d16cff142337c8f5f8e98c414a057277c7cbe1
- SHA512
  
  125adc6617aa5fbdab97f5ff84ad6308dcb9bb838f41df410a39f304bc448c52da03a48c84c217272a7fac7593a4a2bbfa6de1f0edaa9527924e1ee7f549f432
- SSDEEP
  
  12288:6spOCWdZKUZ+SPwGVG5uzVOfxYxcUR55Oue3UUBTpV501/tQ:BAVdZrZ+SPw5szyWCUHYpV5C/O
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy