agenttesla | 5bc6c8848174187f2b4ef2a36356edd96e3d6f438d7bb0009825fc3b8a937cc1 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ12_AMD20200422.exe

windows7_x64

RFQ12_AMD20200422.exe

windows10_x64

Sharing

General

Target

_RFQ12_AMD20200422.rar
Size

563KB
Sample

210423-9ec3wn6qf6
MD5

213122df1b31334e57b3b18c0feb5162
SHA1

bbd048d453264a7d20dcb75a660cbdc758831abc
SHA256

5bc6c8848174187f2b4ef2a36356edd96e3d6f438d7bb0009825fc3b8a937cc1
SHA512

5d2106d426f1946d7def1993cc038129f81cbc3a38b2677af6ab3b889938dab99828469a722520676c4c0fde6e1144872159a832a2f456b5ea105a4e65c7754e

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ12_AMD20200422.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ12_AMD20200422.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.qdsaes.com
Port:
587
Username:
andy@qdsaes.com
Password:
)oNvVYl5ceo2121

Targets

- Target
  
  RFQ12_AMD20200422.exe
- Size
  
  856KB
- MD5
  
  0c2f04abf97efca32e1c920a70709122
- SHA1
  
  a2d913ce122c815024e546ace827405388c41a3e
- SHA256
  
  e07ba21e5d098a88ce3e45d9ed869b30726c31bd13b6a88205a80265a45f605c
- SHA512
  
  b5ace9e02ce711dff299c151b27f4323603bb946e318048a6de38aef1e2b2f27aca2f9cb735675e4f713349b4cbbbf193d691ae6628d12a62b57052786577491
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy