agenttesla | 4dd2172ce6a988468ea514bae49dec9cd9bdbdc07f95e6546c75ebe4c9fc829d | Triage

Submit
Reports

Overview

overview

Static

static

61f2d6fa24...89.exe

windows7_x64

61f2d6fa24...89.exe

windows10_x64

Sharing

General

Target

61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89.zip
Size

173KB
Sample

201204-ey7tm31e86
MD5

2d270fe69d9cf7a2cd429df29abb645f
SHA1

9ba77ae5f6884b81d71237f29ad517a2d9cfb0e1
SHA256

4dd2172ce6a988468ea514bae49dec9cd9bdbdc07f95e6546c75ebe4c9fc829d
SHA512

f9c802feda531eb2e9ff2c0c7529659c658d30f501c5fe315dd59b53339b7c40842a6ee873963d3580ef7361563fac77d536dd58e8b29ab080469186ea8ec993

Score

10^/10

agenttesla evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89.exe

Resource

win7v20201028

agenttesla evasion keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89.exe

Resource

win10v20201028

agenttesla evasion keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89
- Size
  
  236KB
- MD5
  
  e1618002c8700b4ae261b1e5aea00e42
- SHA1
  
  71a93b760fb4c0ee6201ea09a19b50fd46d0439f
- SHA256
  
  61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89
- SHA512
  
  264a802e3e9e406d4a3f42d518a1ee1d6492cc012489c22525f1476375d73008e9b79d85f789f6d321b39800374fefbfa671031e4db6e247a152205cf4f76b3a
Score

10^/10

agenttesla evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy