agenttesla | 63a6df094357141041ecaa6d490c88f5b9a2f8d1641780fced6b0b07ce3d20b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

CONFIRM PR...44.exe

windows7-x64

CONFIRM PR...44.exe

windows10-2004-x64

Sharing

General

Target

0c6d967f7f17e3f7d66bf81f4f6254e4_JaffaCakes118
Size

1.2MB
Sample

240328-wn5t1add82
MD5

0c6d967f7f17e3f7d66bf81f4f6254e4
SHA1

7ea48a7f6212017caa5ceb0f49b7ccd70eea987c
SHA256

63a6df094357141041ecaa6d490c88f5b9a2f8d1641780fced6b0b07ce3d20b6
SHA512

78c9aea681c35690a35de44c5d43ef1c14dba7d8cdae4959e692b7d68d3133b42cd57c46f2d1c3bb5e197f78a47776784977f1cee9d33b12d5f610103f4a7c5e
SSDEEP

24576:EWeF8FYFUSDg+qoTxSkEuAp+6MTYmEE4:EyYhg+qoUk49mt

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CONFIRM PROFORMA INVOICE NO 21091042 21091044.exe

Resource

win7-20240215-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

CONFIRM PROFORMA INVOICE NO 21091042 21091044.exe

Resource

win10v2004-20240226-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.topfrozenfoodbrand.com
Port:
587
Username:
compra@topfrozenfoodbrand.com
Password:
Everest10purch
Email To:
purchase@topfrozenfoodbrand.com

Targets

- Target
  
  CONFIRM PROFORMA INVOICE NO 21091042 21091044.exe
- Size
  
  675KB
- MD5
  
  21bdc587f6630da32bbb95e3edafd8a6
- SHA1
  
  50e89252950c924ef81520b6c527459c92ec9d03
- SHA256
  
  4c3faf064979c03b4abd8e1b0c0b64b4753d6f702401509ee4989319d079357d
- SHA512
  
  161ad24db09927ef85b7b43f5ee206e985016ef2e57dfded4e6d00b5619aa0bc1084cc3e5f6443bbd83b0bafd71a5eab4e9473a3adc7ad2e68272841deb592e0
- SSDEEP
  
  12288:Olf7khylvNBOFYFx2wzDa3+qoTxjmvoBjEA57st/+6Mb/YErzEEwr:qWeF8FYFUSDg+qoTxSkEuAp+6MTYmEE4
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy