agenttesla | 9124e16d0db26bb4f560f7240882404162302ba301a430a025c5b7d20c6e3bc8 | Triage

Submit
Reports

Overview

overview

Static

static

PO-no 74GW0942.exe

windows7_x64

PO-no 74GW0942.exe

windows10_x64

Sharing

General

Target

PO-no 74GW0942.zip
Size

632KB
Sample

210420-dj87ynm23n
MD5

875faa81f6ef331c9d391e0fbdd3a87c
SHA1

2a55586fbdbb24295136f6895cbbd7b41488b671
SHA256

9124e16d0db26bb4f560f7240882404162302ba301a430a025c5b7d20c6e3bc8
SHA512

1249d8fec0be96250b31ac341657390042f938cb798c1fd484fee3e3d755ec595eec3edade5e0639812885d8d556905f7ba6bf058225bd41279c5bbdfe5ddc0b

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO-no 74GW0942.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO-no 74GW0942.exe

Resource

win10v20210408

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
project2021blessinggoodgood2+me

Targets

- Target
  
  PO-no 74GW0942.exe
- Size
  
  837KB
- MD5
  
  4cde3609b918d4ef83a1f50dd0e6bc8e
- SHA1
  
  69878bfdfe1b730f802bfa6ad515efdef96aa43f
- SHA256
  
  5c4676ef5bd6f6d10826944d9e51efadb58fbbb936ff5f10d7aa91235c35946d
- SHA512
  
  7def65260ab6f04c0b4e3af4754e54d28bd6a289152692f047915b2cc9fb5f799ae47a605efe401f1e606b0c7f787be13b68ac1ec67ba88539a12d041c6d8f5f
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy