agenttesla | 45748cae60c27bb027d6d92ad469942a33f4c500fbd4406bfc77a5ca42165f6b | Triage

Submit
Reports

Overview

overview

Static

static

AS4852.exe

windows7_x64

3

AS4852.exe

windows10_x64

Sharing

General

Target

AS4852.pdf.7z
Size

589KB
Sample

210421-n3vz4jwaxn
MD5

db92f30233835a185e9059398fdedfbc
SHA1

f1dc27ec47e61f17c7b0bd217f72c710908ab795
SHA256

45748cae60c27bb027d6d92ad469942a33f4c500fbd4406bfc77a5ca42165f6b
SHA512

4b9054f9e7b243db7b80a26ce2d1491abd346da311f56811fd7736142960205af1a55d327550c2ea808d09c96a193e0faace94ed1e94e6447d4d3931536f968a

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

AS4852.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AS4852.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://45.141.152.18/
Port:
21
Username:
farmlogs@vancrenanbroek.com
Password:
wTk4W1Uhkp5u

Targets

- Target
  
  AS4852.exe
- Size
  
  878KB
- MD5
  
  8e89d91f85cfff34a8d12ede04b1614c
- SHA1
  
  d3d52466a4ca5e6be70c023786be9c0f5da4f441
- SHA256
  
  53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed
- SHA512
  
  d90783f712c5f012d920b9f95027edc898f8ef0b1e85665982929c082bf9eccab101b9c715f2c50e6a93cf2eac162b0e2520d12a2a3dbc0dd3b7e9ec7b7fda53
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy