agenttesla | 39fcf7c07a057d9770dd0e5315e47fc23767f00ce3d31cb2e6d91d235415d9d2 | Triage

Submit
Reports

Overview

overview

Static

static

ORDER . 45...2 .doc

windows7_x64

ORDER . 45...2 .doc

windows10_x64

1

Sharing

General

Target

ORDER . 4500028602 .doc
Size

4KB
Sample

210722-ssk99stcyn
MD5

481c22b5e46aee29787378d65d00fc92
SHA1

c661b85631510dbb9010d5c6d0e4ad71bf0d2bae
SHA256

39fcf7c07a057d9770dd0e5315e47fc23767f00ce3d31cb2e6d91d235415d9d2
SHA512

fcf4aaeca8bb7308339f6ff29cdc5a52556d9765d2ddcc18816cfff7bcad0fa033301d8cdc4791aa67053e128fb5fca7f9b7faa53b628d5e3eddbb2d7a41c701

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ORDER . 4500028602 .doc

Resource

win7v20210408

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER . 4500028602 .doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
accounts@trialseqco-uk.icu
Password:
NewMexcico@123

Targets

- Target
  
  ORDER . 4500028602 .doc
- Size
  
  4KB
- MD5
  
  481c22b5e46aee29787378d65d00fc92
- SHA1
  
  c661b85631510dbb9010d5c6d0e4ad71bf0d2bae
- SHA256
  
  39fcf7c07a057d9770dd0e5315e47fc23767f00ce3d31cb2e6d91d235415d9d2
- SHA512
  
  fcf4aaeca8bb7308339f6ff29cdc5a52556d9765d2ddcc18816cfff7bcad0fa033301d8cdc4791aa67053e128fb5fca7f9b7faa53b628d5e3eddbb2d7a41c701
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy