agenttesla | 86e3101420d0467712a6920229e34bce70e978598abb37373c53306f937f8db7 | Triage

Submit
Reports

Overview

overview

Static

static

$267700.xlsx

windows7_x64

$267700.xlsx

windows10_x64

1

Sharing

General

Target

$267700.xlsx
Size

200KB
Sample

210226-nnwe6qpdhx
MD5

df0dbb4b27bda8afcdc08455003739e7
SHA1

86057b50f54296163776720171c21c2a946778e6
SHA256

86e3101420d0467712a6920229e34bce70e978598abb37373c53306f937f8db7
SHA512

4836c2aaf5dc450fb1a859770c735c1cfd2887dbeb779cc15c56e9a840f63e3a7d43d352dad3583eae4db2bcb7d31ea807f7f68258c258b423e9992c652cc3e2

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

$267700.xlsx

Resource

win7v20201028

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

$267700.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
lord@blessme

Targets

- Target
  
  $267700.xlsx
- Size
  
  200KB
- MD5
  
  df0dbb4b27bda8afcdc08455003739e7
- SHA1
  
  86057b50f54296163776720171c21c2a946778e6
- SHA256
  
  86e3101420d0467712a6920229e34bce70e978598abb37373c53306f937f8db7
- SHA512
  
  4836c2aaf5dc450fb1a859770c735c1cfd2887dbeb779cc15c56e9a840f63e3a7d43d352dad3583eae4db2bcb7d31ea807f7f68258c258b423e9992c652cc3e2
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy