agenttesla | 45fa0af9ea01c68fb0e9d26a3cfd4902852f0f97385515bac1cfb7b69b1d661f | Triage

Submit
Reports

Overview

overview

Static

static

FACTURA PO.....xlsx

windows7_x64

FACTURA PO.....xlsx

windows10_x64

1

Sharing

General

Target

FACTURA POR YD21-PIIMT0726..xlsx
Size

228KB
Sample

211112-mtbcxadbh4
MD5

f2ecdf9f8a260927da1cc7677453de70
SHA1

9e3514d7b1a267f3b61fe19a5545e68062591278
SHA256

45fa0af9ea01c68fb0e9d26a3cfd4902852f0f97385515bac1cfb7b69b1d661f
SHA512

15e881e11807b0184720f344c9afc80f662ce82cceba25545b97a725d73530fb40f88c7738a471492bd5710324712f08b60c837e25131d8e20f9814ff7a47247

Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

FACTURA POR YD21-PIIMT0726..xlsx

Resource

win7-en-20211104

agenttesla agilenet keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FACTURA POR YD21-PIIMT0726..xlsx

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1923270472:AAFHljVp-f8Q5-X0iy70Vfe0aTch5THPa-U/sendDocument

Targets

- Target
  
  FACTURA POR YD21-PIIMT0726..xlsx
- Size
  
  228KB
- MD5
  
  f2ecdf9f8a260927da1cc7677453de70
- SHA1
  
  9e3514d7b1a267f3b61fe19a5545e68062591278
- SHA256
  
  45fa0af9ea01c68fb0e9d26a3cfd4902852f0f97385515bac1cfb7b69b1d661f
- SHA512
  
  15e881e11807b0184720f344c9afc80f662ce82cceba25545b97a725d73530fb40f88c7738a471492bd5710324712f08b60c837e25131d8e20f9814ff7a47247
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy