agenttesla | fdc933039af067d9d28c8b9784b434516fbb7e24ebdb6e977a65c93f84ecaece | Triage

Submit
Reports

Overview

overview

Static

static

FDC933039A...CE.xls

windows7-x64

FDC933039A...CE.xls

windows10-2004-x64

1

Sharing

General

Target

FDC933039AF067D9D28C8B9784B434516FBB7E24EBDB6E977A65C93F84ECAECE
Size

750KB
Sample

221123-r2kzjadb2x
MD5

59f2256a6136b5a343e8767cff479bdb
SHA1

0174dcf3aced6df1565547147887150c7c6ccd8a
SHA256

fdc933039af067d9d28c8b9784b434516fbb7e24ebdb6e977a65c93f84ecaece
SHA512

9768f8bbb60deae7f136c900830db4ded648fa743f3cd0dea7d8b1dd5ce1888ed0489e1debd6dd569ec0309f3b49b91372da9c8b9d156222e42678976cbb872d
SSDEEP

12288:AIN3rDx7XXXXXXXXXXXXUXXXXXXXqXXXXXXXXFTmCpIN3rDx7XXXXXXXXXXXXUXc:Lr5XXXXXXXXXXXXUXXXXXXXqXXXXXXXi

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

FDC933039AF067D9D28C8B9784B434516FBB7E24EBDB6E977A65C93F84ECAECE.xls

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

FDC933039AF067D9D28C8B9784B434516FBB7E24EBDB6E977A65C93F84ECAECE.xls

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument

Targets

- Target
  
  FDC933039AF067D9D28C8B9784B434516FBB7E24EBDB6E977A65C93F84ECAECE
- Size
  
  750KB
- MD5
  
  59f2256a6136b5a343e8767cff479bdb
- SHA1
  
  0174dcf3aced6df1565547147887150c7c6ccd8a
- SHA256
  
  fdc933039af067d9d28c8b9784b434516fbb7e24ebdb6e977a65c93f84ecaece
- SHA512
  
  9768f8bbb60deae7f136c900830db4ded648fa743f3cd0dea7d8b1dd5ce1888ed0489e1debd6dd569ec0309f3b49b91372da9c8b9d156222e42678976cbb872d
- SSDEEP
  
  12288:AIN3rDx7XXXXXXXXXXXXUXXXXXXXqXXXXXXXXFTmCpIN3rDx7XXXXXXXXXXXXUXc:Lr5XXXXXXXXXXXXUXXXXXXXqXXXXXXXi
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy