agenttesla | 0b12989e32cb7fd51824f5ad2d7e64e7535febf42d63c84626f6fb0a9a69b316 | Triage

Submit
Reports

Overview

overview

Static

static

Bank details.exe

windows7_x64

Bank details.exe

windows10_x64

Sharing

General

Target

Bank details.r15
Size

375KB
Sample

210915-he714saaa6
MD5

bf605903d8bcb21d342e4557264682e6
SHA1

8e5c0c07f2f483556415cf8bebdf8a5aad038c74
SHA256

0b12989e32cb7fd51824f5ad2d7e64e7535febf42d63c84626f6fb0a9a69b316
SHA512

3cb26436b71774885f8b0373a2115dc3448edec78bd10ff7486bdf8d0a2cd92eafdc84fddcff83e1c64b484d7f8c4814a83148f46cfd08bc31197a29e5e042b0

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Bank details.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank details.exe

Resource

win10-en

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
uscentral50.myserverhosts.com
Port:
587
Username:
sales@radheatwaters.com
Password:
waters@789

Targets

- Target
  
  Bank details.exe
- Size
  
  423KB
- MD5
  
  3bf82d500366aa323bab9365a2300c9a
- SHA1
  
  9228407c77e24e119e903a0aeffbc6b0ae6dfa0e
- SHA256
  
  d27fd6c029cf8ee94e3765d738300478d94ce269c91b27e883b607684a86e393
- SHA512
  
  1bb55271378bca6be0b6773325e1542ea29e1d84fc589415ff2c364c1d81472194b51df9f39c37c62a0785255f256f1773dd65bc36f726e8eddad65e6a8402d7
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy