agenttesla | 01e8a1ca1f1bf33e403c46728290c2b82c7587233d32c82752f72b10f7a3f5e7 | Triage

Sharing

General

Target

DEVELOPER_SNIPER_JOD_DARK_ESSENTIAL_PLAN.rar
Size

1.1MB
Sample

240329-wj4fdaec3y
MD5

cb80960b9a14711e70278bec71f14bbc
SHA1

0fadfe3996315a1d5eeb2c384a3e12ced1d20925
SHA256

01e8a1ca1f1bf33e403c46728290c2b82c7587233d32c82752f72b10f7a3f5e7
SHA512

4cff873710d4977dc55fa22d97ba15282f63cc6cc931f2201826c0995a7f620e7c46af1d8be6ee53c6d602b99c5b4185a468ad3f17448a82ee3444685489105d
SSDEEP

24576:QzJ6DGQqBbVwn6c+O0EcCPSR70/g/nucNygVJKz4NBbZxe9/XH:QzCRAVG5fauGs+JKQbihH

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  DEVELOPER_SNIPER_JOD_DARK_ESSENTIAL_PLAN.rar
- Size
  
  1.1MB
- MD5
  
  cb80960b9a14711e70278bec71f14bbc
- SHA1
  
  0fadfe3996315a1d5eeb2c384a3e12ced1d20925
- SHA256
  
  01e8a1ca1f1bf33e403c46728290c2b82c7587233d32c82752f72b10f7a3f5e7
- SHA512
  
  4cff873710d4977dc55fa22d97ba15282f63cc6cc931f2201826c0995a7f620e7c46af1d8be6ee53c6d602b99c5b4185a468ad3f17448a82ee3444685489105d
- SSDEEP
  
  24576:QzJ6DGQqBbVwn6c+O0EcCPSR70/g/nucNygVJKz4NBbZxe9/XH:QzCRAVG5fauGs+JKQbihH
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2