agenttesla | 997ce8372e3dca365258dd1643f2de015d105205cae9b83a49507dc0281fb48e | Triage

Submit
Reports

Overview

overview

Static

static

Shipping D...s.xlsx

windows7_x64

Shipping D...s.xlsx

windows10_x64

1

Sharing

General

Target

Shipping Documents.xlsx
Size

296KB
Sample

211025-g6n7msffg3
MD5

ae884ec9f42ceb1dcdef6cf4f93cce9c
SHA1

6226ec516e17485b6b0e199e1a7661f56c4903c2
SHA256

997ce8372e3dca365258dd1643f2de015d105205cae9b83a49507dc0281fb48e
SHA512

08e27d46d0ae20a832b7a8a4a49c1179d4affeadbd32bb438854ddefa3800c531a6a2580477e9bc400e0f5477b551ffbdb8d15028fccd94a2016290f1e20090d

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Shipping Documents.xlsx

Resource

win7-en-20210920

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipping Documents.xlsx

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.enerzi.co
Port:
587
Username:
[email protected]
Password:
Enerzis@123!#

Targets

- Target
  
  Shipping Documents.xlsx
- Size
  
  296KB
- MD5
  
  ae884ec9f42ceb1dcdef6cf4f93cce9c
- SHA1
  
  6226ec516e17485b6b0e199e1a7661f56c4903c2
- SHA256
  
  997ce8372e3dca365258dd1643f2de015d105205cae9b83a49507dc0281fb48e
- SHA512
  
  08e27d46d0ae20a832b7a8a4a49c1179d4affeadbd32bb438854ddefa3800c531a6a2580477e9bc400e0f5477b551ffbdb8d15028fccd94a2016290f1e20090d
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy