agenttesla | 3638135eb0f487e5b5b003d1f090554b0f6fe96ac90da04a1ff683156b164bd7 | Triage

Submit
Reports

Overview

overview

Static

static

REVISE QUO...K).exe

windows7_x64

REVISE QUO...K).exe

windows10_x64

Sharing

General

Target

REVISE QUOTATION 21.04.2021.pdf (113K).rar
Size

642KB
Sample

210422-ylv48kyaze
MD5

6b989d90c73fa32a2cbeb1b051644d4c
SHA1

ca38117a75bb4948984a78d718c927f0030257c9
SHA256

3638135eb0f487e5b5b003d1f090554b0f6fe96ac90da04a1ff683156b164bd7
SHA512

ee9cdffc8a259672c9fa90e6e46aab2152678b88ee33a76573a85fd72e54119b624a002aac6c253ec2d83dad3409725757648a1defb604142268eb501f266aa9

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

REVISE QUOTATION 21.04.2021.pdf (113K).exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REVISE QUOTATION 21.04.2021.pdf (113K).exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.snacksnco.com
Port:
587
Username:
aslam.ghanchi@snacksnco.com
Password:
aslam.ghanchi

Targets

- Target
  
  REVISE QUOTATION 21.04.2021.pdf (113K).exe
- Size
  
  1.1MB
- MD5
  
  89ca2118db943ad848bec5c57179ff90
- SHA1
  
  228f8081288f70c35f33e5edd5394c1fb8a6cdd6
- SHA256
  
  78af4e9c1f31817ce195cd77aea8659a75148c5a302b35e9c17f2ff93a696a0c
- SHA512
  
  480e02364f8dd07f423d33c9a3763e6a04e2506093e5f1875e6052bbf6afa4e015814307d420d1b2b76bbd0463ec90c0637ce4fbdf0b057efacb34209b640eba
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy