agenttesla | c76eb44cecc21c33fb6f61db8ed02e9d0a560f988e9bafb1c9fff5164afb2cb8 | Triage

Submit
Reports

Overview

overview

Static

static

Shipment D...ed.exe

windows7_x64

Shipment D...ed.exe

windows10_x64

1

Sharing

General

Target

Shipment Document BL INV and Packing list Attached.exe
Size

641KB
Sample

200731-a4hpq8h74s
MD5

2c0979106f8289a6bd62cade3af2445e
SHA1

0d632ae33206a89914a30f2db54ac4c2fb5e77d5
SHA256

c76eb44cecc21c33fb6f61db8ed02e9d0a560f988e9bafb1c9fff5164afb2cb8
SHA512

afb0104591c8570abda324e98042dd30ab29129b72af9c64359b314be6627925802e6fce300acb78290dd68df9b3783463b498514ab2e2d1e04d537953cb5961

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

keylogger stealer agenttesla

Behavioral task

behavioral1

Sample

Shipment Document BL INV and Packing list Attached.exe

Resource

win7

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipment Document BL INV and Packing list Attached.exe

Resource

win10v200722

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mitravet.com
Port:
587
Username:
mv@mitravet.com
Password:
tunasushIsashim1

Targets

- Target
  
  Shipment Document BL INV and Packing list Attached.exe
- Size
  
  641KB
- MD5
  
  2c0979106f8289a6bd62cade3af2445e
- SHA1
  
  0d632ae33206a89914a30f2db54ac4c2fb5e77d5
- SHA256
  
  c76eb44cecc21c33fb6f61db8ed02e9d0a560f988e9bafb1c9fff5164afb2cb8
- SHA512
  
  afb0104591c8570abda324e98042dd30ab29129b72af9c64359b314be6627925802e6fce300acb78290dd68df9b3783463b498514ab2e2d1e04d537953cb5961
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

keyloggerstealeragenttesla

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy