agenttesla | d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d | Triage

Submit
Reports

Overview

overview

Static

static

d32c5920ed...5d.exe

windows7_x64

d32c5920ed...5d.exe

windows10-2004_x64

Sharing

General

Target

d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
Size

1.3MB
Sample

220520-h9hdyafhf7
MD5

f8d29431dde6dd65e034b99c29ce9c64
SHA1

0c23620a0070f37794b895c35d7afe1de83bc36f
SHA256

d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
SHA512

844d18e3694ba0ef27c80bfc7a5638cf221559a4fa7e32383e84e9e0b095bdb342cc751ef8e2f39f6b95d438707bbb083434f753d00dbb2fafb5bd666ab6caae

Score

10^/10

agenttesla microsoft keylogger persistence phishing spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d.exe

Resource

win7-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d.exe

Resource

win10v2004-20220414-en

agenttesla microsoft keylogger persistence phishing spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
- Size
  
  1.3MB
- MD5
  
  f8d29431dde6dd65e034b99c29ce9c64
- SHA1
  
  0c23620a0070f37794b895c35d7afe1de83bc36f
- SHA256
  
  d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
- SHA512
  
  844d18e3694ba0ef27c80bfc7a5638cf221559a4fa7e32383e84e9e0b095bdb342cc751ef8e2f39f6b95d438707bbb083434f753d00dbb2fafb5bd666ab6caae
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan microsoft phishing
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslamicrosoftkeyloggerpersistencephishingspywarestealertrojan

© 2018-2024

Terms | Privacy