agenttesla | f5ee737b249404364f5a612625968bfac7bc890798c9d66c9c0467032638fc6c | Triage

Submit
Reports

Overview

overview

Static

static

4207f7b131...in.exe

windows7_x64

4207f7b131...in.exe

windows10_x64

Sharing

General

Target

9a.zip
Size

842KB
Sample

210511-rcfjwfg1e2
MD5

4dd27d98135d6d880614ca52b80ece2a
SHA1

b1410fea52e8c6a9ebc0ac4dbdc9a3e965e4c02b
SHA256

f5ee737b249404364f5a612625968bfac7bc890798c9d66c9c0467032638fc6c
SHA512

e374e35541ea11a72ebb482d9a5b6792666dcdf33fb3dec8b10dec4ab258d075d7dde786694f9aece351a9b05a3186d2b1f6055748b7dfc5bafa93f52102ed7a

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997.bin.exe

Resource

win7v20210410

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997.bin.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.myremediez.com
Port:
587
Username:
sales@myremediez.com
Password:
123123456

Targets

- Target
  
  4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997.bin
- Size
  
  1006KB
- MD5
  
  038ece8f6c92ccb2dd38133d85e80caf
- SHA1
  
  96a2e3466f10d59020501b076cfab07f237bb7c1
- SHA256
  
  4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997
- SHA512
  
  8af98ef60f05ffc9324647bad8214989883f2128eac44814c7f37730f7a4d4e7019c495015a3460a15fb411f78559a60dbad528c151d07df9a2cc030c7f1ce23
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy