agenttesla | bf2239405f9dd620fc5c74ac45eb41ec8bb5d9fb6f191bc5911e094bb4514b32 | Triage

Sharing

General

Target

AudioChanger.exe
Size

1.4MB
Sample

240524-xbeygsfd32
MD5

1e3af2aa523db756f13cd5274208d273
SHA1

924c7673a6808e51df709937f7cd5e349839df16
SHA256

bf2239405f9dd620fc5c74ac45eb41ec8bb5d9fb6f191bc5911e094bb4514b32
SHA512

7a55e3b5e818cfe9b0123eed8fb0479de809ab8384347d36e7a7b42756d2e776fff5fdfff207a7fe2bf0d047f23b041a8b4cf97604feeef80c473afc273c0666
SSDEEP

24576:eI0fWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAo9:GfWjgYEitVwmzwGXvlBNH89kLZnTKan

Score

10^/10

agenttesla evasion execution keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  AudioChanger.exe
- Size
  
  1.4MB
- MD5
  
  1e3af2aa523db756f13cd5274208d273
- SHA1
  
  924c7673a6808e51df709937f7cd5e349839df16
- SHA256
  
  bf2239405f9dd620fc5c74ac45eb41ec8bb5d9fb6f191bc5911e094bb4514b32
- SHA512
  
  7a55e3b5e818cfe9b0123eed8fb0479de809ab8384347d36e7a7b42756d2e776fff5fdfff207a7fe2bf0d047f23b041a8b4cf97604feeef80c473afc273c0666
- SSDEEP
  
  24576:eI0fWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAo9:GfWjgYEitVwmzwGXvlBNH89kLZnTKan
Score

10^/10

agenttesla keylogger spyware stealer trojan evasion execution
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Stops running service(s)
  evasion execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslaevasionexecutionkeyloggerspywarestealertrojan