agenttesla | 53489c9133ab9bd888329220b13b33ad41ccb30916bd6daf284ce07f699ca9a7 | Triage

Submit
Reports

Overview

overview

Static

static

183287857-...DF.vbs

windows7_x64

183287857-...DF.vbs

windows10_x64

Sharing

General

Target

183287857-050118-sanlccjavap0004-6561_PDF.rar
Size

394B
Sample

211021-1g9xlaagh5
MD5

1923dd5e24044a7abe591e4161b3cf3a
SHA1

ec26dd6fa0f271a5d503e8e6174edfe32991f813
SHA256

53489c9133ab9bd888329220b13b33ad41ccb30916bd6daf284ce07f699ca9a7
SHA512

f4ebe4dfbb056a500737950a3beb8cff26545805853d4e79ea1d057c96a1c3331b5929e03244f172900d02fb3aeb43fdf3edf26eef538dbeb554055f5dc8c7ef

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

183287857-050118-sanlccjavap0004-6561_PDF.vbs

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

183287857-050118-sanlccjavap0004-6561_PDF.vbs

Resource

win10-en-20211014

agenttesla collection keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://202.55.132.106/Bypass3.txt

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1923270472:AAFHljVp-f8Q5-X0iy70Vfe0aTch5THPa-U/sendDocument

Targets

- Target
  
  183287857-050118-sanlccjavap0004-6561_PDF.vbs
- Size
  
  440B
- MD5
  
  fd5d9dd54f30ebeda49b3f3d9d57d1c6
- SHA1
  
  bdc86ae73f8ea542af15ed6a5643b1a9cfd8ea51
- SHA256
  
  75e81b26f76f0050408e59a9d3606e0ee6d474ffa9e2296187f582884fa2f59f
- SHA512
  
  60857407aa6143be42149dac675348dcbfaa1a9ed8dd66e66fe936dbabca8dd490d3019573fe940631741047e7edb0b0df9730a33ccaf48aed077e939608b7b9
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy