agenttesla | 828803e774a6a8a421b89862344bcce0445e8f38664baa1ceea169633fb3a73a | Triage

Submit
Reports

Overview

overview

Static

static

BANK COPY.doc

windows7_x64

Sharing

General

Target

BANK COPY.doc
Size

440KB
Sample

211021-rk3s1sbcen
MD5

978891042c401f4f06a7575d86c62533
SHA1

1e51fadad4f54b068a3693aec6693c78feba3ee0
SHA256

828803e774a6a8a421b89862344bcce0445e8f38664baa1ceea169633fb3a73a
SHA512

71dd81bae7d55713a4716a29ece7af66d5a6d73d835b08bda29fdefe9d98a8a11921b64d6825f52a9e55cc9c087008811abb330c8c247d0c573b0a4eca83adaa

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

BANK COPY.doc

Resource

win7-en-20211014

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
587
Username:
[email protected]
Password:
payment@1234

Targets

- Target
  
  BANK COPY.doc
- Size
  
  440KB
- MD5
  
  978891042c401f4f06a7575d86c62533
- SHA1
  
  1e51fadad4f54b068a3693aec6693c78feba3ee0
- SHA256
  
  828803e774a6a8a421b89862344bcce0445e8f38664baa1ceea169633fb3a73a
- SHA512
  
  71dd81bae7d55713a4716a29ece7af66d5a6d73d835b08bda29fdefe9d98a8a11921b64d6825f52a9e55cc9c087008811abb330c8c247d0c573b0a4eca83adaa
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy