agenttesla | 53489c9133ab9bd888329220b13b33ad41ccb30916bd6daf284ce07f699ca9a7 | Triage

Submit
Reports

Overview

overview

Static

static

183287857-...DF.vbs

windows7_x64

183287857-...DF.vbs

windows10_x64

Sharing

General

Target

183287857-050118-sanlccjavap0004-6561_PDF.rar
Size

394B
Sample

211021-1g9xlaagh5
MD5

1923dd5e24044a7abe591e4161b3cf3a
SHA1

ec26dd6fa0f271a5d503e8e6174edfe32991f813
SHA256

53489c9133ab9bd888329220b13b33ad41ccb30916bd6daf284ce07f699ca9a7
SHA512

f4ebe4dfbb056a500737950a3beb8cff26545805853d4e79ea1d057c96a1c3331b5929e03244f172900d02fb3aeb43fdf3edf26eef538dbeb554055f5dc8c7ef

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

183287857-050118-sanlccjavap0004-6561_PDF.vbs

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

183287857-050118-sanlccjavap0004-6561_PDF.vbs

Resource

win10-en-20211014

agenttesla collection keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://202.55.132.106/Bypass3.txt

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1923270472:AAFHljVp-f8Q5-X0iy70Vfe0aTch5THPa-U/sendDocument

Targets

- Target
  
  183287857-050118-sanlccjavap0004-6561_PDF.vbs
- Size
  
  440B
- MD5
  
  fd5d9dd54f30ebeda49b3f3d9d57d1c6
- SHA1
  
  bdc86ae73f8ea542af15ed6a5643b1a9cfd8ea51
- SHA256
  
  75e81b26f76f0050408e59a9d3606e0ee6d474ffa9e2296187f582884fa2f59f
- SHA512
  
  60857407aa6143be42149dac675348dcbfaa1a9ed8dd66e66fe936dbabca8dd490d3019573fe940631741047e7edb0b0df9730a33ccaf48aed077e939608b7b9
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy