agenttesla | 05aed5baff08d18cdd83ce49f9f08897df25a908a4e0b0e27c4768c3e90ee174 | Triage

Submit
Reports

Overview

overview

Static

static

OLUn8L3Z.exe

windows7_x64

OLUn8L3Z.exe

windows10_x64

Sharing

General

Target

OLUn8L3Z.zip
Size

579KB
Sample

210419-em1ecd216a
MD5

91bf3d10d971f89a5c3660f1ce49c770
SHA1

ac7b21c4df59317bf7c0fb34de4b366b54e309b4
SHA256

05aed5baff08d18cdd83ce49f9f08897df25a908a4e0b0e27c4768c3e90ee174
SHA512

8f0ca740afff01ac295d6c6c8395598778923b35dfda576e35816e2df909ce018e9df29bc7dadf4f030ec3b046400d84b22e920665dbbd55182d7c71f37d377c

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

OLUn8L3Z.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OLUn8L3Z.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.mesco-midhco.com
Port:
587
Username:
[email protected]
Password:
fFEawV%0

Targets

- Target
  
  OLUn8L3Z.exe
- Size
  
  940KB
- MD5
  
  d7a6c07be5a5f212884d01797c3d5fa6
- SHA1
  
  e4cb2a03354a7417f1062c89b0f08018863380df
- SHA256
  
  71032ee8d3bb7e5b97fc58c2478c58b218730eb7a56929da7c5d4816e202e71c
- SHA512
  
  50cddcdff86594fea2f2ffe24cdef71b0bf9fbd46703f3dca37f2a89630a57ea63c0b5cbd2d0be682e2e9f03bdcb478cd61c5bc959fa7f35d132e70f04f20d7c
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy