agenttesla | de0b80f33037ee2253015508b278b103356b4ca38df599ecb1c91fa1403211c2 | Triage

Submit
Reports

Overview

overview

Static

static

Request fo...df.exe

windows7_x64

Request fo...df.exe

windows10_x64

Sharing

General

Target

Request for Quotation-4505527156.pdf.exe
Size

808KB
Sample

210511-zqqjhwmhm6
MD5

53ee1719315e25f5a485e032b7596c89
SHA1

ba28ef98dc4e74277c0fe370a7dd21e655b1abd4
SHA256

de0b80f33037ee2253015508b278b103356b4ca38df599ecb1c91fa1403211c2
SHA512

3f0b0ecb915e8d5ab4aec38049d00e5368d1d256110d4a8544444bec3db402ea02897111aefaa517d427de5ebf971b5bd7e38f1b2ea622d53552d3d3ee2818ce

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request for Quotation-4505527156.pdf.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Request for Quotation-4505527156.pdf.exe

Resource

win10v20210408

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.saudimedlabexpo.com
Port:
587
Username:
info@saudimedlabexpo.com
Password:
]dTqP-]^T]Pt

Targets

- Target
  
  Request for Quotation-4505527156.pdf.exe
- Size
  
  808KB
- MD5
  
  53ee1719315e25f5a485e032b7596c89
- SHA1
  
  ba28ef98dc4e74277c0fe370a7dd21e655b1abd4
- SHA256
  
  de0b80f33037ee2253015508b278b103356b4ca38df599ecb1c91fa1403211c2
- SHA512
  
  3f0b0ecb915e8d5ab4aec38049d00e5368d1d256110d4a8544444bec3db402ea02897111aefaa517d427de5ebf971b5bd7e38f1b2ea622d53552d3d3ee2818ce
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy