agenttesla | e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d | Triage

Submit
Reports

Overview

overview

Static

static

e6eb2ae2e4...0d.exe

windows7_x64

e6eb2ae2e4...0d.exe

windows10_x64

3

Sharing

General

Target

e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d
Size

524KB
Sample

200508-xyem9ce5l6
MD5

5c35980b02c0b8d7215bed3cce049a0c
SHA1

91c0cf0dc6099389d3c9994b9090796b6b1837b2
SHA256

e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d
SHA512

61d12686a47afbd27754f06b245b091e38ee4cd5fc44f1842ce575268b735e06eccfbc107a956df25219836cd5fdff883fbca82c8ee952abdaacef99574d3154

Score

10^/10

agenttesla snakebot evasion keylogger snakebot spyware stealer trojan

Static task

static1

snakebot snakebot

Behavioral task

behavioral1

Sample

e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d.exe

Resource

win7v200430

agenttesla evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
[email protected]
Password:
Batam2019

Targets

- Target
  
  e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d
- Size
  
  524KB
- MD5
  
  5c35980b02c0b8d7215bed3cce049a0c
- SHA1
  
  91c0cf0dc6099389d3c9994b9090796b6b1837b2
- SHA256
  
  e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d
- SHA512
  
  61d12686a47afbd27754f06b245b091e38ee4cd5fc44f1842ce575268b735e06eccfbc107a956df25219836cd5fdff883fbca82c8ee952abdaacef99574d3154
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

snakebotsnakebot

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy