agenttesla | f90a42ec706dccec4f27fa3f3a7cf08443ddd67c9a919249f886ad7d59f65c52 | Triage

Sharing

General

Target

f90a42ec706dccec4f27fa3f3a7cf08443ddd67c9a919249f886ad7d59f65c52
Size

1.5MB
Sample

220521-nyd52ahdfk
MD5

70d48d214ab85e557e6937234f6f54ec
SHA1

08b491055a84ac87be53103f07551cec611d1441
SHA256

f90a42ec706dccec4f27fa3f3a7cf08443ddd67c9a919249f886ad7d59f65c52
SHA512

7dedc5f35f34999ffeda7a9380327d6c6e075653f82b544b2d0edf04ba5a11c8b42d0a41d5711e7ec503e48a240221ef230f47276217b902a509466b8c0aec39

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  PO 59116.exe
- Size
  
  4.5MB
- MD5
  
  4e76414c1fd03feb827a6559827996ca
- SHA1
  
  5bb2d31ec3439cd92b0059c791624cec9e2a5f3d
- SHA256
  
  cea8cae444dd5dadf01c31def4681b170907b97e0cfb468a9ff317ce7ae736a3
- SHA512
  
  1c23c1af05027ecf1de0d8c09417019d82108fe6de657d7881c05c9ea554b818fb900fd267dcc495e4ed48b8f00cd4567023d91348a6ec10ef449649eef77c3f
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies WinLogon for persistence
  persistence
- AgentTesla Payload
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2