agenttesla | 56757accfe00022eadd58f3f82ff5b4de4d2aa6e3fe427fa990af3d31723ebd9 | Triage

Sharing

General

Target

RFQ# ZAT77095_pdf.scr
Size

1001KB
Sample

210408-xhpzfysrq2
MD5

a68e022018d05e68ab3cfa488af1c998
SHA1

c826625d790173e42ad53ca5e33879c35069996b
SHA256

56757accfe00022eadd58f3f82ff5b4de4d2aa6e3fe427fa990af3d31723ebd9
SHA512

64739d5a31d7b3b4870005d84d157ac5b19d31647771e072e75e7d28ddc3259e5d00fd3cf8b7bcfe8c564d9ce96c4a4fdcc1509e9455ff7d900371565795719a

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
emmanuel.chiboy@yandex.ru
Password:
emmanuel123456789

Targets

- Target
  
  RFQ# ZAT77095_pdf.scr
- Size
  
  1001KB
- MD5
  
  a68e022018d05e68ab3cfa488af1c998
- SHA1
  
  c826625d790173e42ad53ca5e33879c35069996b
- SHA256
  
  56757accfe00022eadd58f3f82ff5b4de4d2aa6e3fe427fa990af3d31723ebd9
- SHA512
  
  64739d5a31d7b3b4870005d84d157ac5b19d31647771e072e75e7d28ddc3259e5d00fd3cf8b7bcfe8c564d9ce96c4a4fdcc1509e9455ff7d900371565795719a
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan