agenttesla | 53c7bb8800c559d15b805410bf6f9d38b0a090f25e685c87c307c7509b8726e8 | Triage

Submit
Reports

Overview

overview

Static

static

PI.xlsx

windows7-x64

PI.xlsx

windows10-2004-x64

5

Sharing

General

Target

PI.xlsx
Size

110KB
Sample

220725-k435kabgdn
MD5

f3fbcbf9a28dc9aa9c541e4d170ca71c
SHA1

3da20744fb4ab31cbd6b5d8fedf1de8f9567b502
SHA256

53c7bb8800c559d15b805410bf6f9d38b0a090f25e685c87c307c7509b8726e8
SHA512

20b39da819591d0696c61cdb56da1653a3c5e8b612db47c757e483a720e08f0fc7a2b41441b3d87082edd0975052abf5630e1f1da20eb2410eb7f81c3cdb259f

Score

10^/10

agenttesla keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

PI.xlsx

Resource

win7-20220718-en

agenttesla keylogger spyware stealer suricata trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

PI.xlsx

Resource

win10v2004-20220721-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocument

Targets

- Target
  
  PI.xlsx
- Size
  
  110KB
- MD5
  
  f3fbcbf9a28dc9aa9c541e4d170ca71c
- SHA1
  
  3da20744fb4ab31cbd6b5d8fedf1de8f9567b502
- SHA256
  
  53c7bb8800c559d15b805410bf6f9d38b0a090f25e685c87c307c7509b8726e8
- SHA512
  
  20b39da819591d0696c61cdb56da1653a3c5e8b612db47c757e483a720e08f0fc7a2b41441b3d87082edd0975052abf5630e1f1da20eb2410eb7f81c3cdb259f
Score

10^/10

agenttesla keylogger spyware stealer suricata trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy