agenttesla | 4e63cadd6aa91bc65755bd2b4035a3451cbc4854ed2817ac08941919f892f7e7 | Triage

Submit
Reports

Overview

overview

Static

static

b0a10bd27d...92.exe

windows7_x64

b0a10bd27d...92.exe

windows10_x64

Sharing

General

Target

b0a10bd27d48fea4e569797829057892
Size

861KB
Sample

210927-rwv8bahcdm
MD5

b0a10bd27d48fea4e569797829057892
SHA1

5909c3383e27a1c5e7edcadd5319b31d2813df12
SHA256

4e63cadd6aa91bc65755bd2b4035a3451cbc4854ed2817ac08941919f892f7e7
SHA512

76434b2b0731013ab311035f84986b9385ec2db89c178e74e7f7ec0987bbcfefebe4202756b50c922b30c5e69cc02c2bec4f92687b960cd299c5c4cb0521d290

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b0a10bd27d48fea4e569797829057892.exe

Resource

win7-en-20210920

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b0a10bd27d48fea4e569797829057892.exe

Resource

win10v20210408

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.airseaalliance.com
Port:
587
Username:
admin@airseaalliance.com
Password:
CIRcumFerted221

Targets

- Target
  
  b0a10bd27d48fea4e569797829057892
- Size
  
  861KB
- MD5
  
  b0a10bd27d48fea4e569797829057892
- SHA1
  
  5909c3383e27a1c5e7edcadd5319b31d2813df12
- SHA256
  
  4e63cadd6aa91bc65755bd2b4035a3451cbc4854ed2817ac08941919f892f7e7
- SHA512
  
  76434b2b0731013ab311035f84986b9385ec2db89c178e74e7f7ec0987bbcfefebe4202756b50c922b30c5e69cc02c2bec4f92687b960cd299c5c4cb0521d290
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy