agenttesla

General

Target

18dfd688bb3f715dee4d4170adad9cfa.exe
Size

186KB
Sample

201225-y139d185re
MD5

18dfd688bb3f715dee4d4170adad9cfa
SHA1

49e5850b7b81960a695bf90c674c204361b961cd
SHA256

82c5a4103769e5391fee93ead9d6509dd3eb8186f53ce450f14a22b4f82e968c
SHA512

f6f3a6bcfa439ec6f2c2b2c53326df2ba77692bdf6f64452a8759a93ad0626fbfe8efa04b5d3c5d294cd365c478c2e5fa12319c077f41ff2b5b5bf8b7982d77e

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rexstat35xm.xyz/statweb577/

http://dexspot2cx.club/statweb577/

http://atxspot20cx.best/statweb577/

http://rexspot7xm.xyz/statweb577/

http://datasectex.com/statweb577/

http://servicem977xm.xyz/statweb577/

http://advertxman7cx.xyz/statweb577/

http://starxpush7xm.xyz/statweb577/

rc4.i32

Targets

- Target
  
  18dfd688bb3f715dee4d4170adad9cfa.exe
- Size
  
  186KB
- MD5
  
  18dfd688bb3f715dee4d4170adad9cfa
- SHA1
  
  49e5850b7b81960a695bf90c674c204361b961cd
- SHA256
  
  82c5a4103769e5391fee93ead9d6509dd3eb8186f53ce450f14a22b4f82e968c
- SHA512
  
  f6f3a6bcfa439ec6f2c2b2c53326df2ba77692bdf6f64452a8759a93ad0626fbfe8efa04b5d3c5d294cd365c478c2e5fa12319c077f41ff2b5b5bf8b7982d77e
Score

10^/10

smokeloader backdoor trojan agenttesla redline infostealer keylogger spyware stealer
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- AgentTesla Payload
  keylogger stealer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine

SmokeLoader

AgentTesla Payload

Executes dropped EXE

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2