agenttesla | 8c7d8fc2a97430056c231bcc2e3601fd27718e08c105171175789a6d86921cea | Triage

Submit
Reports

Overview

overview

Static

static

presupuesto.xlsx

windows7_x64

presupuesto.xlsx

windows10_x64

1

Sharing

General

Target

presupuesto.xlsx
Size

1.6MB
Sample

210511-jwkfzb8pl6
MD5

0c44a9fa4ce2184c319d7d2b1dc6e319
SHA1

fb24049452c8a31eab37ef00099b0604bd40cd95
SHA256

8c7d8fc2a97430056c231bcc2e3601fd27718e08c105171175789a6d86921cea
SHA512

a823ed02ed0129d55711b401ad175f877d4828e3c1040cad5cb83f04742d32ecf7b988ab8ba208af8f3a9226381377f953b1ca1bfdd22c96bda364c1ba13ca92

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

presupuesto.xlsx

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

presupuesto.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.kaeiser.com
Port:
587
Username:
sergio.arroyo@kaeiser.com
Password:
QIErWCn3

Targets

- Target
  
  presupuesto.xlsx
- Size
  
  1.6MB
- MD5
  
  0c44a9fa4ce2184c319d7d2b1dc6e319
- SHA1
  
  fb24049452c8a31eab37ef00099b0604bd40cd95
- SHA256
  
  8c7d8fc2a97430056c231bcc2e3601fd27718e08c105171175789a6d86921cea
- SHA512
  
  a823ed02ed0129d55711b401ad175f877d4828e3c1040cad5cb83f04742d32ecf7b988ab8ba208af8f3a9226381377f953b1ca1bfdd22c96bda364c1ba13ca92
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy