agenttesla | 594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17 | Triage

Submit
Reports

Overview

overview

Static

static

PO VASE.xlsx

windows7_x64

PO VASE.xlsx

windows10_x64

1

PO VASE.xlsx

macos_amd64

1

Sharing

General

Target

PO VASE.xlsx
Size

1.3MB
Sample

210722-thqpqvtpp6
MD5

08bfe97addcfdc8ea68d56a80a16621a
SHA1

2111b3ffb8b32bad9d341848bdab6688e280a222
SHA256

594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17
SHA512

f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91

Score

10^/10

agenttesla keylogger macos spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO VASE.xlsx

Resource

win7v20210408

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO VASE.xlsx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

PO VASE.xlsx

Resource

macos

macos_amd64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ccsp-india.com
Port:
587
Username:
vehicle@ccsp-india.com
Password:
Lkp$CcsP1008

Targets

- Target
  
  PO VASE.xlsx
- Size
  
  1.3MB
- MD5
  
  08bfe97addcfdc8ea68d56a80a16621a
- SHA1
  
  2111b3ffb8b32bad9d341848bdab6688e280a222
- SHA256
  
  594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17
- SHA512
  
  f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

behavioral3

© 2018-2024

Terms | Privacy