agenttesla | 0a5a8423274bf1f4ba1b90b99ef3efdadcb5459a519c47dc6ebb97a2065ead4c | Triage

Submit
Reports

Overview

overview

Static

static

1188574f43...18.exe

windows7-x64

1188574f43...18.exe

windows10-2004-x64

Sharing

General

Target

1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118
Size

659KB
Sample

240504-ffx67age76
MD5

1188574f43ab4949dbc23b2b0c358c64
SHA1

71fccbdd47f6285899cf45e0ba5d532490caa8ba
SHA256

0a5a8423274bf1f4ba1b90b99ef3efdadcb5459a519c47dc6ebb97a2065ead4c
SHA512

93cf09dd8efbcbb353d68f0b049fca2df8f52c13a23847de24049680dcc5bd46185870db098d2c5a283a1b4f4d2a7165a3f4304c2f77447b8bb34eff8a24c723
SSDEEP

6144:2NZuc+lNVaQsebRFxlh9jwrp5aTvAgT4RS3eATXModewM9O7vGmcqebCa3ems9t:2j+paxO8rSTmk3eA79s9yebCm

Score

10^/10

agenttesla agilenet execution keylogger persistence spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla agilenet execution keylogger persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118.exe

Resource

win10v2004-20240419-en

agenttesla agilenet execution keylogger persistence spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118
- Size
  
  659KB
- MD5
  
  1188574f43ab4949dbc23b2b0c358c64
- SHA1
  
  71fccbdd47f6285899cf45e0ba5d532490caa8ba
- SHA256
  
  0a5a8423274bf1f4ba1b90b99ef3efdadcb5459a519c47dc6ebb97a2065ead4c
- SHA512
  
  93cf09dd8efbcbb353d68f0b049fca2df8f52c13a23847de24049680dcc5bd46185870db098d2c5a283a1b4f4d2a7165a3f4304c2f77447b8bb34eff8a24c723
- SSDEEP
  
  6144:2NZuc+lNVaQsebRFxlh9jwrp5aTvAgT4RS3eATXModewM9O7vGmcqebCa3ems9t:2j+paxO8rSTmk3eA79s9yebCm
Score

10^/10

agenttesla agilenet execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaagilenetexecutionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaagilenetexecutionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy