agenttesla | 77d9c6cab92d3f2ab2a99f1f6fc4a2e573b0589d7b524b6d79ae573fffaf0de3 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...21.exe

windows7_x64

Purchase O...21.exe

windows10_x64

Sharing

General

Target

Purchase Order dt 18.19. 2021.zip
Size

101KB
Sample

211019-d4r9qsgahq
MD5

a743f1e15a9b879774f514c847b01692
SHA1

94835fab270ff1a648e5fc766319d03a5bb9c115
SHA256

77d9c6cab92d3f2ab2a99f1f6fc4a2e573b0589d7b524b6d79ae573fffaf0de3
SHA512

ebae861e3c8d6d70bcda091141bd5dfc62dd5698e68701a56314fcb7c3d74b0046739eb14fb98cd02e49902ea1d6a249ddf4154571ed6a0e59330afaf89bf510

Score

10^/10

agenttesla collection keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order dt 18.19. 2021.exe

Resource

win7-en-20210920

agenttesla collection keylogger spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order dt 18.19. 2021.exe

Resource

win10-en-20211014

agenttesla collection keylogger spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1481923647:AAGiBTAuCt4mxLt_RWPYNlSpw01yplTkoZI/sendDocument

Targets

- Target
  
  Purchase Order dt 18.19. 2021.exe
- Size
  
  129KB
- MD5
  
  2797c66fef6b7a39fa7333cca468eb02
- SHA1
  
  7b15eb0f0725320b7f0ef32acd1535255b89bc2b
- SHA256
  
  9cca70423e0b22c6ffa39388a06346804a869e392cdf0cbe7ec9905db30bbcf3
- SHA512
  
  aa0c9f8f595068a1ef9dcb5273fe69bade86dc2aaab148b1bcdd86321987075b6529bf888c65317c7a492315314101036dbbf1da9275af5597df128031828eb3
Score

10^/10

agenttesla collection keylogger spyware stealer suricata trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- AgentTesla Payload
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealersuricatatrojan

behavioral2

agentteslacollectionkeyloggerspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy