agenttesla | 86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991 | Triage

Submit
Reports

Overview

overview

Static

static

86b7a8f781...91.exe

windows7-x64

86b7a8f781...91.exe

windows10-2004-x64

Sharing

General

Target

86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
Size

876KB
Sample

221130-n659gsbh3x
MD5

7224c9668610d2e7c722e98e2aa937cb
SHA1

528fd30e17878c4382170293fde01b3486293c9e
SHA256

86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
SHA512

da994362157f2909db63ce8bc4eab8073e450e0652750e3153c491c53411ee69bce91796de0d8e5f6dddb5e667bbd1be318c292b34eb4387d625d28114530272
SSDEEP

6144:6ZYZWBXFXfMrKmcewHuqIDU7/5mgS7q0XQxvV2B/TsSZ7ADmQK5DLlH:dxFEIDC/5mi5KLsS2KhR

Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991.exe

Resource

win7-20220812-en

agenttesla agilenet keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991.exe

Resource

win10v2004-20221111-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
- Size
  
  876KB
- MD5
  
  7224c9668610d2e7c722e98e2aa937cb
- SHA1
  
  528fd30e17878c4382170293fde01b3486293c9e
- SHA256
  
  86b7a8f781a421b4e69ef1538bc1c122b0f317acbab82fa23356dfebb18af991
- SHA512
  
  da994362157f2909db63ce8bc4eab8073e450e0652750e3153c491c53411ee69bce91796de0d8e5f6dddb5e667bbd1be318c292b34eb4387d625d28114530272
- SSDEEP
  
  6144:6ZYZWBXFXfMrKmcewHuqIDU7/5mgS7q0XQxvV2B/TsSZ7ADmQK5DLlH:dxFEIDC/5mi5KLsS2KhR
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy