agenttesla | c94596dbfbc9fde422a8f6b20fc6e488d9fcd33931e0e2e07430824eeff8a04a | Triage

Submit
Reports

Overview

overview

Static

static

INV2020.06...CX.exe

windows7_x64

INV2020.06...CX.exe

windows10_x64

3

Sharing

General

Target

INV2020.06.09974.DOCX.exe
Size

331KB
Sample

200716-bbqzm6xp22
MD5

8dc8dd6ff7a50bf1bdcdaeea069a4ae6
SHA1

133cb0200309be4089f1c60ecb9c0db1fb66f551
SHA256

c94596dbfbc9fde422a8f6b20fc6e488d9fcd33931e0e2e07430824eeff8a04a
SHA512

d2bd87fbc8fb5b2f60cafe9b65561647f637853550dd57430e062aae4856ca9984e4246a327d3611d674bdf1fdaebdaf0b3f8f94604d987990a78f708bce11fc

Score

10^/10

agenttesla asyncrat keylogger rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INV2020.06.09974.DOCX.exe

Resource

win7v200430

agenttesla asyncrat keylogger rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV2020.06.09974.DOCX.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

null:null

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
DHyXENUbuF7kz7qg9whtglVdx8ChMDvS
anti_detection
false
autorun
false
bdos
false
delay
Default
host
null
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
https://pastebin.com/raw/63NgqBcT
port
null
version
0.5.7B

aes.plain

Targets

- Target
  
  INV2020.06.09974.DOCX.exe
- Size
  
  331KB
- MD5
  
  8dc8dd6ff7a50bf1bdcdaeea069a4ae6
- SHA1
  
  133cb0200309be4089f1c60ecb9c0db1fb66f551
- SHA256
  
  c94596dbfbc9fde422a8f6b20fc6e488d9fcd33931e0e2e07430824eeff8a04a
- SHA512
  
  d2bd87fbc8fb5b2f60cafe9b65561647f637853550dd57430e062aae4856ca9984e4246a327d3611d674bdf1fdaebdaf0b3f8f94604d987990a78f708bce11fc
Score

10^/10

agenttesla asyncrat keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- AgentTesla Payload
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaasyncratkeyloggerratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy