agenttesla | 11651b354e8f6611ab8aa9fc86ec94bfd0112cdfe8ebb4bbb2d8a6119a003ec5 | Triage

Submit
Reports

Overview

overview

Static

static

invoice.exe

windows7_x64

invoice.exe

windows10_x64

Sharing

General

Target

invoice.exe
Size

903KB
Sample

210511-p8q396mm1n
MD5

8eb7c6ab99d209a1f57014f438e17581
SHA1

e22da9380a096eccd01d91d0e9630d21a92f9c62
SHA256

11651b354e8f6611ab8aa9fc86ec94bfd0112cdfe8ebb4bbb2d8a6119a003ec5
SHA512

bb95b6453c60b54970d8d6b8280f8764e8c504f697f07577531c0589718e270bb8fd4aeca86965a474883ad4360c9d2c96f645c6bec2f815ac6c676fae91e3f0

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

invoice.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rakub.org.bd
Port:
587
Username:
zmlalmonirhat@rakub.org.bd
Password:
zlal159357

Targets

- Target
  
  invoice.exe
- Size
  
  903KB
- MD5
  
  8eb7c6ab99d209a1f57014f438e17581
- SHA1
  
  e22da9380a096eccd01d91d0e9630d21a92f9c62
- SHA256
  
  11651b354e8f6611ab8aa9fc86ec94bfd0112cdfe8ebb4bbb2d8a6119a003ec5
- SHA512
  
  bb95b6453c60b54970d8d6b8280f8764e8c504f697f07577531c0589718e270bb8fd4aeca86965a474883ad4360c9d2c96f645c6bec2f815ac6c676fae91e3f0
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy