agenttesla | 99b84223a505faa4dcd483e6e925dddfe5a890b41aa92b5e4ef5239a26036075 | Triage

Submit
Reports

Overview

overview

Static

static

8

RFQ No3756368.ppt

windows7_x64

RFQ No3756368.ppt

windows10_x64

Sharing

General

Target

RFQ No3756368.ppt
Size

78KB
Sample

210422-ssqqw7338s
MD5

4b485ae386bfa68a2eeac2dc35bda606
SHA1

8086ec71e34fd18a1a8e3e20721bc466caf3cda4
SHA256

99b84223a505faa4dcd483e6e925dddfe5a890b41aa92b5e4ef5239a26036075
SHA512

7918aedf847172a8dfed81931ebe5247a627922d5042d6a10799089dd8bb711a1a8f4dc5301e5b65a0f8a27d11f8d815b7d615bb157854a70d1b5a93e8cb09d5

Score

10^/10

agenttesla keylogger macro persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ No3756368.ppt

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ No3756368.ppt

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.raceinfo.co.za
Port:
587
Username:
[email protected]
Password:
@ProtimeSport2021

Targets

- Target
  
  RFQ No3756368.ppt
- Size
  
  78KB
- MD5
  
  4b485ae386bfa68a2eeac2dc35bda606
- SHA1
  
  8086ec71e34fd18a1a8e3e20721bc466caf3cda4
- SHA256
  
  99b84223a505faa4dcd483e6e925dddfe5a890b41aa92b5e4ef5239a26036075
- SHA512
  
  7918aedf847172a8dfed81931ebe5247a627922d5042d6a10799089dd8bb711a1a8f4dc5301e5b65a0f8a27d11f8d815b7d615bb157854a70d1b5a93e8cb09d5
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- AgentTesla Payload
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy