agenttesla | 804879b5f78a4dfc5ecda6c01e3ff45f487785d73cb70dfce4f46e35f639db3f | Triage

Submit
Reports

Overview

overview

Static

static

Swift Copy.pdf.exe

windows7_x64

Swift Copy.pdf.exe

windows10_x64

Sharing

General

Target

Swift Copy.pdf.zip
Size

805KB
Sample

210511-hype4armwe
MD5

3c054d423412a05d9ecf037c6220ef86
SHA1

cbeaca0e5d6d4005e471fb8f3fc8e3228ac924ee
SHA256

804879b5f78a4dfc5ecda6c01e3ff45f487785d73cb70dfce4f46e35f639db3f
SHA512

afe4033870fa6eda4da083e2e97d42f4b8ead630db0129c1719665d7328cf7e3fbf9b2072b534f52e249fd116a8a6830f9e84e7c5f26a0068759c4934d7911dd

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Swift Copy.pdf.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Swift Copy.pdf.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saudimedlabexpo.com
Port:
587
Username:
info@saudimedlabexpo.com
Password:
]dTqP-]^T]Pt

Targets

- Target
  
  Swift Copy.pdf.exe
- Size
  
  889KB
- MD5
  
  dd2eb46743bf230998439673e3deba99
- SHA1
  
  4871d34e0db77e32f627e74b92e9a9fbdef7a21a
- SHA256
  
  ab417e35533138c082445ac1997401837c2be3af4527860f3b5c30dcabd325cb
- SHA512
  
  9ddf626833dc5551ad869214590c23b11e8ca16bc37959608c960f283bfef027b451a8f7fabff9d0678d24cabf2de12a509c8a75e524643cf29faf2a1d275b33
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy