agenttesla | ab417e35533138c082445ac1997401837c2be3af4527860f3b5c30dcabd325cb | Triage

Submit
Reports

Overview

overview

Static

static

Swift Copy.pdf.exe

windows7_x64

Swift Copy.pdf.exe

windows10_x64

Sharing

General

Target

Swift Copy.pdf.exe
Size

889KB
Sample

210511-g1mr7r3qms
MD5

dd2eb46743bf230998439673e3deba99
SHA1

4871d34e0db77e32f627e74b92e9a9fbdef7a21a
SHA256

ab417e35533138c082445ac1997401837c2be3af4527860f3b5c30dcabd325cb
SHA512

9ddf626833dc5551ad869214590c23b11e8ca16bc37959608c960f283bfef027b451a8f7fabff9d0678d24cabf2de12a509c8a75e524643cf29faf2a1d275b33

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Swift Copy.pdf.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Swift Copy.pdf.exe

Resource

win10v20210410

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saudimedlabexpo.com
Port:
587
Username:
info@saudimedlabexpo.com
Password:
]dTqP-]^T]Pt

Targets

- Target
  
  Swift Copy.pdf.exe
- Size
  
  889KB
- MD5
  
  dd2eb46743bf230998439673e3deba99
- SHA1
  
  4871d34e0db77e32f627e74b92e9a9fbdef7a21a
- SHA256
  
  ab417e35533138c082445ac1997401837c2be3af4527860f3b5c30dcabd325cb
- SHA512
  
  9ddf626833dc5551ad869214590c23b11e8ca16bc37959608c960f283bfef027b451a8f7fabff9d0678d24cabf2de12a509c8a75e524643cf29faf2a1d275b33
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy