agenttesla | 88c221b998daec1595efee531acff9a708104f1ba7d3420d3a0aa03a8a7f7b6d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88c221b998daec1595efee531acff9a708104f1ba7d3420d3a0aa03a8a7f7b6d
Size

754KB
Sample

240611-kqhxga1clh
MD5

c06d5c4c6c8eb04d83275926aede95e2
SHA1

40ea5549d3bc60601b634141fe6f54d36230e8ee
SHA256

88c221b998daec1595efee531acff9a708104f1ba7d3420d3a0aa03a8a7f7b6d
SHA512

f462c29aa4d62ca21291c86c59196e0bc697fd35d539f9a6bde0b16383c746fdc5edffd80247a7bcc6a19fcb854083af1a9f18d620568772e477639f09a428fa
SSDEEP

12288:Z+XplFaN78nl8LFFmFHaKSRSymjsYtz8cDg1BRa0BtcG6emDMsk0td7xLFVAttuk:Z+5l18LDmFHfcSku16Ra4CMsk0tFNB1K

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Revised invoice.exe
- Size
  
  1.1MB
- MD5
  
  bbf053237d91844a971521dab438f529
- SHA1
  
  6d281685b802068a7f43e4950a5dbf1f5ef0cdf5
- SHA256
  
  0fd8da5d6fb04b52cfbc2074c9d5382a7b10ab501913b61e31408a2aa16a02e0
- SHA512
  
  43f6602b4d33faf1516d4eeb5b467b99557e636d55a121ca9672d0bb4af4e7677008d98b88f28e09a66c527792c7d991f982fd0a540ea6192a7387f963167468
- SSDEEP
  
  24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaAXzHwSbNI3/xToFPs5:Uh+ZkldoPK8YaAjlbN+/U6
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2