agenttesla | febdbb2078e5f14e3f534dac4dcf387097c8168f8e803ff98f642b9a99517865 | Triage

Submit
Reports

Overview

overview

Static

static

sample04052021.xlsx

windows7_x64

sample04052021.xlsx

windows10_x64

1

Sharing

General

Target

sample04052021.xlsx
Size

1.0MB
Sample

210504-d6mwybsl5e
MD5

ad7c902b259476d340eb66125aa4846c
SHA1

96b5a7b3dbc729d794d9ff1af2701dfc8a82ee24
SHA256

febdbb2078e5f14e3f534dac4dcf387097c8168f8e803ff98f642b9a99517865
SHA512

0144c0eb50014037eb177c1b4e93dae3183b41884db8f7f63a76ee9852f1ba23c4ab663144ea39cea6345a02a2cdc6244688553b0a95570ebb2a354f9261be17

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

sample04052021.xlsx

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample04052021.xlsx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rodcointl.com
Port:
587
Username:
rodco@rodcointl.com
Password:
rodco110449a

Targets

- Target
  
  sample04052021.xlsx
- Size
  
  1.0MB
- MD5
  
  ad7c902b259476d340eb66125aa4846c
- SHA1
  
  96b5a7b3dbc729d794d9ff1af2701dfc8a82ee24
- SHA256
  
  febdbb2078e5f14e3f534dac4dcf387097c8168f8e803ff98f642b9a99517865
- SHA512
  
  0144c0eb50014037eb177c1b4e93dae3183b41884db8f7f63a76ee9852f1ba23c4ab663144ea39cea6345a02a2cdc6244688553b0a95570ebb2a354f9261be17
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy