agenttesla | 9a597f3b7ec4bb4a3e54c966b95ca6cb543ca467fbc9397a66713187d77a7b97 | Triage

Submit
Reports

Overview

overview

Static

static

WN4gbQOiEGOnFMa.exe

windows7_x64

WN4gbQOiEGOnFMa.exe

windows10_x64

Sharing

General

Target

WN4gbQOiEGOnFMa.exe
Size

601KB
Sample

210421-nzfykyzb9j
MD5

a4b94521170a0d99c8a9f0fe8c648561
SHA1

b7a942b4c7704562e23d2e888a07a026fb49fe7d
SHA256

9a597f3b7ec4bb4a3e54c966b95ca6cb543ca467fbc9397a66713187d77a7b97
SHA512

0e4947fe3b205793521344ce09e9f9d67359d6166a1c954fc227cd1d3df5505b1c615eff7e5fbd1e64a7e2e845751e03603ef0c11ff107b63933a43fbc0a9a1b

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

WN4gbQOiEGOnFMa.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

WN4gbQOiEGOnFMa.exe

Resource

win10v20210408

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
a2plcpnl0347.prod.iad2.secureserver.net
Port:
587
Username:
marketing@eximindiacorporation.com
Password:
Admin_123

Targets

- Target
  
  WN4gbQOiEGOnFMa.exe
- Size
  
  601KB
- MD5
  
  a4b94521170a0d99c8a9f0fe8c648561
- SHA1
  
  b7a942b4c7704562e23d2e888a07a026fb49fe7d
- SHA256
  
  9a597f3b7ec4bb4a3e54c966b95ca6cb543ca467fbc9397a66713187d77a7b97
- SHA512
  
  0e4947fe3b205793521344ce09e9f9d67359d6166a1c954fc227cd1d3df5505b1c615eff7e5fbd1e64a7e2e845751e03603ef0c11ff107b63933a43fbc0a9a1b
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy