agenttesla

General

Target

837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
Size

1.2MB
Sample

240328-2k6vsabc59
MD5

3c785d4ebfb66ee2896e9794529159bc
SHA1

ad3d49245fe44b35d6f8004e36bff0c4e4781e62
SHA256

837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
SHA512

04625cc9db6b6ea26fe313b86c29f2717ce531ec66dbd0c61e90403f2c78f4513959758af2bd571a524cf73c2a9f9a1405cf3a44039ab8e790c467b1930018c3
SSDEEP

24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aOntHSiIs2LLLpJG+aL:YTvC/MTQYxsWR7aOtHDMzG+

Score

10^/10

Malware Config

Targets

- Target
  
  837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
- Size
  
  1.2MB
- MD5
  
  3c785d4ebfb66ee2896e9794529159bc
- SHA1
  
  ad3d49245fe44b35d6f8004e36bff0c4e4781e62
- SHA256
  
  837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
- SHA512
  
  04625cc9db6b6ea26fe313b86c29f2717ce531ec66dbd0c61e90403f2c78f4513959758af2bd571a524cf73c2a9f9a1405cf3a44039ab8e790c467b1930018c3
- SSDEEP
  
  24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aOntHSiIs2LLLpJG+aL:YTvC/MTQYxsWR7aOtHDMzG+
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Detect packed .NET executables. Mostly AgentTeslaV4.

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

Detects executables referencing Windows vault credential objects. Observed in infostealers

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

Detects executables referencing many email and collaboration clients. Observed in information stealers

Detects executables referencing many file transfer clients. Observed in information stealers

Drops startup file

Executes dropped EXE

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2