agenttesla | cca042bce25b99b2e2aa1bf273242b2a4d7b88fda1819630be20c81a2265b0f7 | Triage

Sharing

General

Target

cca042bce25b99b2e2aa1bf273242b2a4d7b88fda1819630be20c81a2265b0f7
Size

76KB
Sample

221202-eq4w2sff5x
MD5

c6333b2b0f7255b60b0e39264ea82914
SHA1

4ed5571a05ae2e93047c0dee4bb1b6714413e5d1
SHA256

cca042bce25b99b2e2aa1bf273242b2a4d7b88fda1819630be20c81a2265b0f7
SHA512

35bb363cf3cfce349b9d06122ba9e62d533b1cef32ca73236ad0af8a48e0e762520523787737803ebdda5d12b741b28c0d09cb49011d4bc051afc7a32efd8736
SSDEEP

1536:lWfWK3Xl/D/IsNmi6eyFn3UKWd5MPMUx/8S0EwRCHm:lw1/D/Lr69Ejd5MPPkSaRT

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  cca042bce25b99b2e2aa1bf273242b2a4d7b88fda1819630be20c81a2265b0f7
- Size
  
  76KB
- MD5
  
  c6333b2b0f7255b60b0e39264ea82914
- SHA1
  
  4ed5571a05ae2e93047c0dee4bb1b6714413e5d1
- SHA256
  
  cca042bce25b99b2e2aa1bf273242b2a4d7b88fda1819630be20c81a2265b0f7
- SHA512
  
  35bb363cf3cfce349b9d06122ba9e62d533b1cef32ca73236ad0af8a48e0e762520523787737803ebdda5d12b741b28c0d09cb49011d4bc051afc7a32efd8736
- SSDEEP
  
  1536:lWfWK3Xl/D/IsNmi6eyFn3UKWd5MPMUx/8S0EwRCHm:lw1/D/Lr69Ejd5MPPkSaRT
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan