agenttesla | a8e8a068ad37fffa43336ca0cc9f6aea938db591b91d22ffa61c97de2d4c3cc0 | Triage

Submit
Reports

Overview

overview

Static

static

QUOTATION 343.doc

windows7_x64

QUOTATION 343.doc

windows10_x64

1

Sharing

General

Target

QUOTATION 343.doc
Size

3KB
Sample

210728-2l7yj7fb4x
MD5

7187e199ddefe203d8d25be24ec5faa5
SHA1

11dd9bf957419a4608ab086b4af6d7e86eb1aa0b
SHA256

a8e8a068ad37fffa43336ca0cc9f6aea938db591b91d22ffa61c97de2d4c3cc0
SHA512

76da8b59b5ed845072852c7ed7c6e41206c802541e2d3787cff75cd56afc94481bc14e82d2b1e62223cb89aeedb6463ea3eeaac0c5abf61e914a92a8a97fa5a6

Score

10^/10

agenttesla keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

QUOTATION 343.doc

Resource

win7v20210410

agenttesla keylogger spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTATION 343.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
NewMexcico@123

Targets

- Target
  
  QUOTATION 343.doc
- Size
  
  3KB
- MD5
  
  7187e199ddefe203d8d25be24ec5faa5
- SHA1
  
  11dd9bf957419a4608ab086b4af6d7e86eb1aa0b
- SHA256
  
  a8e8a068ad37fffa43336ca0cc9f6aea938db591b91d22ffa61c97de2d4c3cc0
- SHA512
  
  76da8b59b5ed845072852c7ed7c6e41206c802541e2d3787cff75cd56afc94481bc14e82d2b1e62223cb89aeedb6463ea3eeaac0c5abf61e914a92a8a97fa5a6
Score

10^/10

agenttesla keylogger spyware stealer suricata trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata
- AgentTesla Payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy