agenttesla | 9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ Ranger Neo.doc

windows7_x64

RFQ Ranger Neo.doc

windows10_x64

1

Sharing

General

Target

RFQ Ranger Neo.doc
Size

4KB
Sample

210721-hfpfkkas5s
MD5

d51db0f037f97835cb334b38b4ce772f
SHA1

ebdd88a747493385c96da530271e214df874f0ab
SHA256

9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753
SHA512

094f8019710b1a176bd5bc55ad34ce36f7e01944d1376ffd8bde1b807bbd4e6cfc02c2903027acf0b6912a0a9d6f39ce3397d37e4106584a6187e90a9483f966

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ Ranger Neo.doc

Resource

win7v20210408

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ Ranger Neo.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
Neways@123

Targets

- Target
  
  RFQ Ranger Neo.doc
- Size
  
  4KB
- MD5
  
  d51db0f037f97835cb334b38b4ce772f
- SHA1
  
  ebdd88a747493385c96da530271e214df874f0ab
- SHA256
  
  9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753
- SHA512
  
  094f8019710b1a176bd5bc55ad34ce36f7e01944d1376ffd8bde1b807bbd4e6cfc02c2903027acf0b6912a0a9d6f39ce3397d37e4106584a6187e90a9483f966
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy