agenttesla | bc51460c53989fff76b30039fffe6dfba7b68b44d7a40a0c6e94590141f8814b | Triage

Sharing

General

Target

AudioChanger.exe
Size

1.3MB
Sample

240524-ec6tgsbh7z
MD5

43b0b033d7458249dd76642d996230ba
SHA1

9760d72a56d7e70ea4b1e704073bdc528926ed34
SHA256

bc51460c53989fff76b30039fffe6dfba7b68b44d7a40a0c6e94590141f8814b
SHA512

c56fb332dcc96e5fa6aff706c9081981226b7f82d2e18473a72382e69eadc379ea58e0d6081f091ecdee9d4dee2c75ca60b435964e7bdb43fbdcd881f81ee475
SSDEEP

24576:WEtfWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAe/ALjX:9fWjgYEitVwmzwGXvlBNH89kLZnTKan

Score

10^/10

agenttesla evasion execution keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  AudioChanger.exe
- Size
  
  1.3MB
- MD5
  
  43b0b033d7458249dd76642d996230ba
- SHA1
  
  9760d72a56d7e70ea4b1e704073bdc528926ed34
- SHA256
  
  bc51460c53989fff76b30039fffe6dfba7b68b44d7a40a0c6e94590141f8814b
- SHA512
  
  c56fb332dcc96e5fa6aff706c9081981226b7f82d2e18473a72382e69eadc379ea58e0d6081f091ecdee9d4dee2c75ca60b435964e7bdb43fbdcd881f81ee475
- SSDEEP
  
  24576:WEtfWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAe/ALjX:9fWjgYEitVwmzwGXvlBNH89kLZnTKan
Score

10^/10

agenttesla keylogger spyware stealer trojan evasion execution
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Stops running service(s)
  evasion execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslaevasionexecutionkeyloggerspywarestealertrojan