agenttesla | 83532bb6a24d4eb669d3655d94345e3b44df39025e8c4ad024d5365575a70fe2 | Triage

Submit
Reports

Overview

overview

Static

static

MAERSK KLE...49.exe

windows7_x64

MAERSK KLE...49.exe

windows10-2004_x64

Sharing

General

Target

83532bb6a24d4eb669d3655d94345e3b44df39025e8c4ad024d5365575a70fe2
Size

1.4MB
Sample

220521-n49h5aefc8
MD5

6eaeb10b60ff1d30184145fa7b821c92
SHA1

c86fe34f3bce6094060d908dd725f0d5ed684731
SHA256

83532bb6a24d4eb669d3655d94345e3b44df39025e8c4ad024d5365575a70fe2
SHA512

816a8203a8f32039ba163c6a3d7b47321158cdda9af9fe5f781578bcb6c30dddcf22b419631b0b65e980e42ec4e7f6c261865216f25864f6a7658a658687e56c

Score

10^/10

agenttesla collection evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MAERSK KLEVEN V.949.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MAERSK KLEVEN V.949.exe

Resource

win10v2004-20220414-en

agenttesla collection evasion keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  MAERSK KLEVEN V.949.exe
- Size
  
  3.9MB
- MD5
  
  21eda5c3a9b012e0ae18f446da1b9eeb
- SHA1
  
  0b01392f53c0fe65952495ba14af70420d2c5853
- SHA256
  
  f1f8cbfc6921ce73c2c3668b2fded2a1bdb3cf8d5434f23090840115188fd7b9
- SHA512
  
  74ae6555b9329bc549bd686f9d861b2d09bf0030b07a1289801bef239751c770fcb3ef729e6bcf724f32a6869893bb119480d3680e78b6be5bccc770bf517c18
Score

10^/10

agenttesla collection evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla Payload
- Drops startup file
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy