agenttesla | 53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed | Triage

Submit
Reports

Overview

overview

Static

static

AS4852.exe

windows7_x64

AS4852.exe

windows10_x64

Sharing

General

Target

AS4852.exe
Size

878KB
Sample

210421-fkppabzs2x
MD5

8e89d91f85cfff34a8d12ede04b1614c
SHA1

d3d52466a4ca5e6be70c023786be9c0f5da4f441
SHA256

53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed
SHA512

d90783f712c5f012d920b9f95027edc898f8ef0b1e85665982929c082bf9eccab101b9c715f2c50e6a93cf2eac162b0e2520d12a2a3dbc0dd3b7e9ec7b7fda53

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

AS4852.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AS4852.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://45.141.152.18/
Port:
21
Username:
farmlogs@vancrenanbroek.com
Password:
wTk4W1Uhkp5u

Targets

- Target
  
  AS4852.exe
- Size
  
  878KB
- MD5
  
  8e89d91f85cfff34a8d12ede04b1614c
- SHA1
  
  d3d52466a4ca5e6be70c023786be9c0f5da4f441
- SHA256
  
  53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed
- SHA512
  
  d90783f712c5f012d920b9f95027edc898f8ef0b1e85665982929c082bf9eccab101b9c715f2c50e6a93cf2eac162b0e2520d12a2a3dbc0dd3b7e9ec7b7fda53
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy