agenttesla | 291694865cd38c0e9b5a2700f1f4a401e263ff9ec402691bf83710b8e5f819b1 | Triage

Submit
Reports

Overview

overview

Static

static

bbcrypted.exe

windows7_x64

bbcrypted.exe

windows10-2004_x64

Sharing

General

Target

291694865cd38c0e9b5a2700f1f4a401e263ff9ec402691bf83710b8e5f819b1
Size

351KB
Sample

220521-pnc1naahal
MD5

2f33e759c62f288727b2b49d3451124a
SHA1

912395161c215e8e2e0cd44b6a967aa21746403c
SHA256

291694865cd38c0e9b5a2700f1f4a401e263ff9ec402691bf83710b8e5f819b1
SHA512

adaf9485cfe4c9e41f805ae1ca081d3133747d81ed2d909ada7ba1ed865a2f718e34baf69024182ece574226a6d926470c0047421ba7620acc902a2f8a340cf1

Score

10^/10

agenttesla agilenet keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bbcrypted.exe

Resource

win7-20220414-en

agenttesla agilenet keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bbcrypted.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bbcrypted.exe
- Size
  
  724KB
- MD5
  
  0bdce81070764a570057b6381f91c225
- SHA1
  
  258b9e1189aa620632803aa1ede6cec3c0d7490b
- SHA256
  
  fda9cdc6d189a4f40199d09a2cd49522189e9494d6a7a3dc0d5bdd5faddb355a
- SHA512
  
  3dc23b61bc6044b99c0438d80aec8697073198731c59762b6e640b9283bd3c21ce9b25e356c4cf263f497ecca573f3d78bac3d56ff6402fb3640212474659866
Score

10^/10

agenttesla agilenet keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaagilenetkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy