agenttesla | 29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265 | Triage

Submit
Reports

Overview

overview

Static

static

29ffab1945...65.doc

windows7_x64

29ffab1945...65.doc

windows10_x64

1

Sharing

Copy URL Twitter E-mail

General

Target

29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265.doc
Size

413KB
Sample

200713-nhhw8epxx2
MD5

d41a4bf9b84f42a0d085687bbabcd93b
SHA1

afceb4f7b9755ec3193d797d2f13eb8d7dbed317
SHA256

29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265
SHA512

a5d99ac141cde94f2d5041a9ad0db338e72cc4d0e50043f03df1e18d8376795739cd13826999a209c983baeee598cd21d7b64898c33d27466805e180477b5fa5

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265.doc

Resource

win7

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265.doc

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

httP://paste.ee/r/3rgRS

ps1.dropper

httPs://paste.ee/r/fgIgt

Targets

- Target
  
  29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265.doc
- Size
  
  413KB
- MD5
  
  d41a4bf9b84f42a0d085687bbabcd93b
- SHA1
  
  afceb4f7b9755ec3193d797d2f13eb8d7dbed317
- SHA256
  
  29ffab1945140b3023abfa94dcca51b72dca9473dc5ccead086bef6205b37265
- SHA512
  
  a5d99ac141cde94f2d5041a9ad0db338e72cc4d0e50043f03df1e18d8376795739cd13826999a209c983baeee598cd21d7b64898c33d27466805e180477b5fa5
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy