agenttesla | 93355cb08ff1efcf385845bfb2a410eef954da4d2d71a502e67158b33f95b1ba | Triage

Submit
Reports

Overview

overview

Static

static

RFQ from G...2.xlsx

windows7_x64

RFQ from G...2.xlsx

windows10_x64

1

Sharing

General

Target

RFQ from GNQ(P12516) _21062.xlsx
Size

369KB
Sample

211021-raecnsbccq
MD5

0ae14ec642b024074339270da16bbfdd
SHA1

b220f12353df4e487af55e8d552d77d46f264760
SHA256

93355cb08ff1efcf385845bfb2a410eef954da4d2d71a502e67158b33f95b1ba
SHA512

76373e0e1ff00a7251082a58bc88a43a1f69a4a7d8d9619a347aef1437278db6fe3aa6b6f1b58b4390e9d23ce90a8bf6069f4411e4903f67a0a797acef3622eb

Score

10^/10

agenttesla keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ from GNQ(P12516) _21062.xlsx

Resource

win7-en-20211014

agenttesla keylogger spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ from GNQ(P12516) _21062.xlsx

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.scahe.co.in
Port:
587
Username:
sj@scahe.co.in
Password:
scaheavy@12345

Targets

- Target
  
  RFQ from GNQ(P12516) _21062.xlsx
- Size
  
  369KB
- MD5
  
  0ae14ec642b024074339270da16bbfdd
- SHA1
  
  b220f12353df4e487af55e8d552d77d46f264760
- SHA256
  
  93355cb08ff1efcf385845bfb2a410eef954da4d2d71a502e67158b33f95b1ba
- SHA512
  
  76373e0e1ff00a7251082a58bc88a43a1f69a4a7d8d9619a347aef1437278db6fe3aa6b6f1b58b4390e9d23ce90a8bf6069f4411e4903f67a0a797acef3622eb
Score

10^/10

agenttesla keylogger spyware stealer suricata trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy