agenttesla | b6be0879f87f35a6f4c27d1666cf8e183427e868944e6a23d035a13b6208dfb6 | Triage

Submit
Reports

Overview

overview

Static

static

DETALLES D...df.exe

windows7_x64

DETALLES D...df.exe

windows10_x64

Sharing

General

Target

DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe
Size

1.4MB
Sample

200624-8vnskxkvd6
MD5

5fe333e1a731213b8b761cfa114a4c24
SHA1

c0eef045d92eac31b471e3e80abc1591088ada0b
SHA256

b6be0879f87f35a6f4c27d1666cf8e183427e868944e6a23d035a13b6208dfb6
SHA512

ee1dec45423c9c276add252c6f37270e356edc99bf27501b7ddaefeb78056dd5fcae5b55cdf19355b06bf19c9fba5ef33d38780a6d58933737be3f099015307a

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe

Resource

win7v200430

spyware persistence keylogger trojan stealer agenttesla

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe

Resource

win10

spyware keylogger trojan stealer agenttesla

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.kassohome.com.tr
Port:
21
Username:
Ernest2020@kassohome.com.tr
Password:
jN9DaHjY3SiU

Targets

- Target
  
  DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe
- Size
  
  1.4MB
- MD5
  
  5fe333e1a731213b8b761cfa114a4c24
- SHA1
  
  c0eef045d92eac31b471e3e80abc1591088ada0b
- SHA256
  
  b6be0879f87f35a6f4c27d1666cf8e183427e868944e6a23d035a13b6208dfb6
- SHA512
  
  ee1dec45423c9c276add252c6f37270e356edc99bf27501b7ddaefeb78056dd5fcae5b55cdf19355b06bf19c9fba5ef33d38780a6d58933737be3f099015307a
Score

10^/10

spyware persistence keylogger trojan stealer agenttesla
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Modifies service
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarepersistencekeyloggertrojanstealeragenttesla

behavioral2

spywarekeyloggertrojanstealeragenttesla

© 2018-2024

Terms | Privacy