agenttesla | 17d2636add9f6f880c490347fbd54ed7f054eb37954eadcd04992efdb81d9204 | Triage

Submit
Reports

Overview

overview

Static

static

Order Requ...df.exe

windows7_x64

Order Requ...df.exe

windows10_x64

Sharing

General

Target

Order Request .pdf.exe
Size

677KB
Sample

210504-pt927drn16
MD5

2ad72a3933556e1d30a06ae454a17d54
SHA1

0e175a0e16cbd071c5d84bbef369586c49b67446
SHA256

17d2636add9f6f880c490347fbd54ed7f054eb37954eadcd04992efdb81d9204
SHA512

94472bb40426db8dbd8d0474a3d7386e2784b95d98c551252b7b3a5862a67bb50e5ca037b0d175ec80cb62e3ebf5fa68a7acd695a44960953b5078a07842c021

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order Request .pdf.exe

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order Request .pdf.exe

Resource

win10v20210408

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.abanit.net
Port:
587
Username:
sumon@abanit.net
Password:
WICUcoF4

Targets

- Target
  
  Order Request .pdf.exe
- Size
  
  677KB
- MD5
  
  2ad72a3933556e1d30a06ae454a17d54
- SHA1
  
  0e175a0e16cbd071c5d84bbef369586c49b67446
- SHA256
  
  17d2636add9f6f880c490347fbd54ed7f054eb37954eadcd04992efdb81d9204
- SHA512
  
  94472bb40426db8dbd8d0474a3d7386e2784b95d98c551252b7b3a5862a67bb50e5ca037b0d175ec80cb62e3ebf5fa68a7acd695a44960953b5078a07842c021
Score

10^/10

agenttesla keylogger spyware stealer trojan persistence
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy