agenttesla | 59c1ab21cdd58b8a8d9b4cdf0b8342a874863f16b5870e1db9dd2c1423e91aa8 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...33.xls

windows7-x64

SecuriteIn...33.xls

windows10-2004-x64

1

Sharing

General

Target

SecuriteInfo.com.Exploit.MathType-Obfs.Gen.12129.3733.xlsx
Size

267KB
Sample

221208-p2cbaaaa57
MD5

6071443d52fc119af0d876a05c83dbba
SHA1

b97a01161c15e7462b13f5d65170c19984ecef0b
SHA256

59c1ab21cdd58b8a8d9b4cdf0b8342a874863f16b5870e1db9dd2c1423e91aa8
SHA512

132b1a493d4f6497f39d686a282aa97f355a6e4c181adf84d3d185530be961c402638d57164692c21c10ce6e415ece462ef33c1d4d33696ff84cbadae6673c91
SSDEEP

6144:HZ+RwPONXoRjDhIcp0fDlavx+W26nAek0GHm4iiGIIPaT/:iHm4iVIIPW

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.MathType-Obfs.Gen.12129.3733.xls

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.MathType-Obfs.Gen.12129.3733.xls

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocument

Targets

- Target
  
  SecuriteInfo.com.Exploit.MathType-Obfs.Gen.12129.3733.xlsx
- Size
  
  267KB
- MD5
  
  6071443d52fc119af0d876a05c83dbba
- SHA1
  
  b97a01161c15e7462b13f5d65170c19984ecef0b
- SHA256
  
  59c1ab21cdd58b8a8d9b4cdf0b8342a874863f16b5870e1db9dd2c1423e91aa8
- SHA512
  
  132b1a493d4f6497f39d686a282aa97f355a6e4c181adf84d3d185530be961c402638d57164692c21c10ce6e415ece462ef33c1d4d33696ff84cbadae6673c91
- SSDEEP
  
  6144:HZ+RwPONXoRjDhIcp0fDlavx+W26nAek0GHm4iiGIIPaT/:iHm4iVIIPW
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy