agenttesla | 49ba87aa6289fa45606deacf3dc0edd27f341dd72c0d021a1d15a65e31a90c36 | Triage

Submit
Reports

Overview

overview

Static

static

IMG_630_375_10.exe

windows7_x64

IMG_630_375_10.exe

windows10_x64

Sharing

General

Target

IMG_630_375_10.r01
Size

237KB
Sample

210419-bmynxn6p6j
MD5

13c502d3cf569fabfb2fb93fbd66c570
SHA1

123c880585055339936677177ab89e242f1a5018
SHA256

49ba87aa6289fa45606deacf3dc0edd27f341dd72c0d021a1d15a65e31a90c36
SHA512

3b9d382a740f3bf5a37540961f9c7d301877c7b510dacffe7e636dff6ce777f731f52655e47b3d5754a8336272d7e00ff3b8ab0a705aa84b40b1852ebe9856df

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IMG_630_375_10.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG_630_375_10.exe

Resource

win10v20210408

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
x103860*&1333

Targets

- Target
  
  IMG_630_375_10.exe
- Size
  
  258KB
- MD5
  
  1ceae4d45ed09a9ed4d5c392a7654fa9
- SHA1
  
  ee4c9033fbb20d87723cb35333b5009086e9645c
- SHA256
  
  9406ad52a87d220e0eae7b7a65a1870a72df536649d9600aca18ddce2263001f
- SHA512
  
  79a71995f8b18386e584a1ac58b8ac180f7215b6f6af8adb3a2c893508fcdf5847309b18dae87e28dded6af45e38911c09d7a060b0203ba56d427ef313d36ae9
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies WinLogon for persistence
  persistence
- AgentTesla Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy