agenttesla | 3dbdc714413f30884bf8622bbd13cd052167783dfb4918a5af2ad824268a0527 | Triage

Submit
Reports

Overview

overview

Static

static

5

new order ...47.exe

windows7-x64

new order ...47.exe

windows10-2004-x64

Sharing

General

Target

3dbdc714413f30884bf8622bbd13cd052167783dfb4918a5af2ad824268a0527.rar
Size

978KB
Sample

240524-n7pm5ahe53
MD5

6d82b8a85a31253531c6952e089f4179
SHA1

445a43a692fd533d26b4d91ec456e53289da2f6b
SHA256

3dbdc714413f30884bf8622bbd13cd052167783dfb4918a5af2ad824268a0527
SHA512

e57abf42ddf0b2f64612e10dbffc771a91e23b182d69181407076d0a3dd07fd674a6fdd8e0e4130e9520cb0f11806aa9a54eefce75d04bdd58ff726d6334eeab
SSDEEP

24576:E7+eEAhwepz0yH1benKce9sxgFTznVJAK4OnbQUEcWzYan:E7HBwhYbeKce9RF3nVJADOn0UEzY0

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

new order inquiry fabboya international traders - 22012020 Q19388347.exe

Resource

win7-20231129-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

new order inquiry fabboya international traders - 22012020 Q19388347.exe

Resource

win10v2004-20240508-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  new order inquiry fabboya international traders - 22012020 Q19388347.exe
- Size
  
  1.5MB
- MD5
  
  793e1ff5b45d4a449535cabcf9da7c3b
- SHA1
  
  0ab210dc8cc81a6bb45a72fab4ff375da1532765
- SHA256
  
  98b3a9409fe6dcd4566a9577262b46911049a70ee74412b167f1ca9fad63a72b
- SHA512
  
  e445a14433e5a46ca9ff18f3fcfda4a1aebd4f4a7b7e50cb5a056f4b3d07ca46d8426ffd1eae6b2982e6fa19e64991cc612d0e05dd8ecc306706cec7671a6ff2
- SSDEEP
  
  24576:1u6J33O0c+JY5UZ+XC0kGso6FagA81GIdza6UPIcTYE7tgrZopEEP6X16cFK36yh:Xu0c++OCvkGs9FagA8e3PIcttgtomECq
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy