agenttesla

General

Target

12604641281011e9afe4a10e1d2e4729ad39f0cd.zip
Size

1.2MB
Sample

211014-pgekxahee3
MD5

1a8013eac7aad5bd9190df0a623fd62b
SHA1

12604641281011e9afe4a10e1d2e4729ad39f0cd
SHA256

4ba81036ae68eb0b4e5e5528e1109e39d9f94684de3903eb714009293a4a750c
SHA512

6fab1a3c751298d29060b48a519c67e064df583c030101252b4df68be798d1ee126eb0ddfc06622530d315170cb0ac791726bd00a9d6a9e2c2045c3e2c7fe580

Score

10^/10

agenttesla formbook en keylogger persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

en

C2

http://www.alliancefb.com/support/en/

Decoy

fortezza.tours

unicornoptical.com

freezeframegame.com

osocrossfit.com

cutass.com

zhongrisk.com

seasandoman.com

global-care-recruiting.info

whenwesaywehaveitwedo.com

mithlapainting.com

sandringhamdarlington.net

futurevalleycontracting.com

goochandhousego.pro

valentindimitrov.com

maple-events.com

yourcreditchoice.com

virginity.bid

electricindians.com

intlgcap.com

ternionathletics.com

Targets

- Target
  
  2145RFQ14102021.rtf.lnk
- Size
  
  5.4MB
- MD5
  
  85e44c6e99f5f4043fc2c993b6fa633b
- SHA1
  
  21b3e0a10dd9798ef71fe073cdad7cfdadbfdeae
- SHA256
  
  62fab79e945bc629c110f21c9db37c8c0cc441ad15e73c1c1349fbef986b3789
- SHA512
  
  7c2f7183d40ac7bab91fa1a572c625e38e8f7ec848d54b7a937b6a33acc5868df3af72ae3a6187e8720303ff7aa7d00e7895ff77adfd504d8b394dacb34d30ff
Score

10^/10

agenttesla formbook en keylogger persistence rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- AgentTesla Payload
- Formbook Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook

AgentTesla Payload

Formbook Payload

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2