agenttesla | d2f1f28bac56207164e2c5364be21700303c8a8b6ef05270038736255c4593b2 | Triage

Submit
Reports

Overview

overview

Static

static

8

PO ORDER 13012020.pps

windows7_x64

PO ORDER 13012020.pps

windows10_x64

1

Sharing

General

Target

PO ORDER 13012020.pps
Size

115KB
Sample

210113-ykkanfg53s
MD5

ef0aed5496df29894d543f176f58ffb8
SHA1

c76d78256b743d6401c2272b69eb307f1ada4a9a
SHA256

d2f1f28bac56207164e2c5364be21700303c8a8b6ef05270038736255c4593b2
SHA512

e02803c05b3ab2ffc3d93655d0c474f8af0813101da568e2f39e1c5e28d62f49aaf7d8627f1125e4d92a952cac0307b62a20686f0c0ff41dc96081dd4e204740

Score

10^/10

agenttesla keylogger macro persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO ORDER 13012020.pps

Resource

win7v20201028

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO ORDER 13012020.pps

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

http://103.133.105.179/8/inc/359ffad84790de.php

Targets

- Target
  
  PO ORDER 13012020.pps
- Size
  
  115KB
- MD5
  
  ef0aed5496df29894d543f176f58ffb8
- SHA1
  
  c76d78256b743d6401c2272b69eb307f1ada4a9a
- SHA256
  
  d2f1f28bac56207164e2c5364be21700303c8a8b6ef05270038736255c4593b2
- SHA512
  
  e02803c05b3ab2ffc3d93655d0c474f8af0813101da568e2f39e1c5e28d62f49aaf7d8627f1125e4d92a952cac0307b62a20686f0c0ff41dc96081dd4e204740
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- AgentTesla Payload
- Blocklisted process makes network request
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy