agenttesla | 14c55731e7390ce071bd81cceaf4410175304f3e42dd74e880c212a1d51fd30f | Triage

Submit
Reports

Overview

overview

Static

static

Order.xls

windows7-x64

Order.xls

windows10-2004-x64

1

Sharing

General

Target

Order.xls
Size

1.0MB
Sample

221123-qxdh8afa82
MD5

6adcba987bdbba646e38483eec46c072
SHA1

bff302a72c68fa89aaf0c709e7065b2c547736de
SHA256

14c55731e7390ce071bd81cceaf4410175304f3e42dd74e880c212a1d51fd30f
SHA512

d7eec8d305349a0e7891a2efeee789f10524e6dee8030bea99119b250e1759bc90937fb078f2fd1d1ecfeff9ddf304764053180cc4bbb35416a65551ce8082b7
SSDEEP

24576:/r5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXJmMr5XXXXXXXXXXXXUXXXXXXXSXXXXXr:TX

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order.xls

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order.xls

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument

Targets

- Target
  
  Order.xls
- Size
  
  1.0MB
- MD5
  
  6adcba987bdbba646e38483eec46c072
- SHA1
  
  bff302a72c68fa89aaf0c709e7065b2c547736de
- SHA256
  
  14c55731e7390ce071bd81cceaf4410175304f3e42dd74e880c212a1d51fd30f
- SHA512
  
  d7eec8d305349a0e7891a2efeee789f10524e6dee8030bea99119b250e1759bc90937fb078f2fd1d1ecfeff9ddf304764053180cc4bbb35416a65551ce8082b7
- SSDEEP
  
  24576:/r5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXJmMr5XXXXXXXXXXXXUXXXXXXXSXXXXXr:TX
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy