agenttesla | d1c3ee4a810f5982b96ee6383971ec82db75285f2f230765dc38690e81029ff1 | Triage

Submit
Reports

Overview

overview

Static

static

494edbe200...c2.exe

windows7_x64

494edbe200...c2.exe

windows10_x64

Sharing

General

Target

5814321850515456.zip
Size

720KB
Sample

210727-89my6k3jsa
MD5

4f756ed206b879ea407cb64a80b75508
SHA1

27bab31ce89dd33fbf633cd7a5bab1fcbb5ac40d
SHA256

d1c3ee4a810f5982b96ee6383971ec82db75285f2f230765dc38690e81029ff1
SHA512

669cfd7e9d311e31aa0baa92f648d1db12a71868717c260329333956b529ec88d2d7b3646823d1b9a0fdc1511aa980258ebc350066611c756ca97952a0ceab72

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://fashionandsorucing.com/
Port:
21
Username:
Farmlogs@fashionandsorucing.com
Password:
MNZsxGLNtfYc

Targets

- Target
  
  494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
- Size
  
  1017KB
- MD5
  
  e2e3079ac8c5cbbcc7073ca306ab42ac
- SHA1
  
  5236549f1fbe0f93f4bde89e6e96a34ff98894c3
- SHA256
  
  494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
- SHA512
  
  84743366be0864382a0e6ad02a0c6440a31686d50ce1c40f5014e2456c0daaca6a74f8fd28373bd0bb739dacf1f4b8932fad5f18f3554fac67f46bff5c2d9d6c
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy