agenttesla | c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a | Triage

Submit
Reports

Overview

overview

Static

static

PRINT.doc

windows7_x64

PRINT.doc

windows10_x64

1

Sharing

General

Target

PRINT.doc
Size

3KB
Sample

210727-sja5akvxlx
MD5

66dd7813d08a65abe076c78f3b2e2699
SHA1

cd2a9026496865e395723ccb68a39fabeed06f2c
SHA256

c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a
SHA512

68cd37dab8b5c57ee6552671fda211f6f8f120024f6ad4a21462e1e9b5114091a4ef39cf1359eb0c76d69c58e2c02cba0055868a2b13b48267f392db750e96ac

Score

10^/10

agenttesla keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

PRINT.doc

Resource

win7v20210408

agenttesla keylogger spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PRINT.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
chamara.kuruppu@organigram-ca.icu
Password:
HELPMEGOD@1321

Targets

- Target
  
  PRINT.doc
- Size
  
  3KB
- MD5
  
  66dd7813d08a65abe076c78f3b2e2699
- SHA1
  
  cd2a9026496865e395723ccb68a39fabeed06f2c
- SHA256
  
  c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a
- SHA512
  
  68cd37dab8b5c57ee6552671fda211f6f8f120024f6ad4a21462e1e9b5114091a4ef39cf1359eb0c76d69c58e2c02cba0055868a2b13b48267f392db750e96ac
Score

10^/10

agenttesla keylogger spyware stealer suricata trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- AgentTesla Payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy