agenttesla | 48d134a16273121969501304718b77ec2325bafb9951a2ae501badc8cf738be4 | Triage

Sharing

General

Target

48d134a16273121969501304718b77ec2325bafb9951a2ae501badc8cf738be4.zip
Size

780KB
Sample

240612-web6bstend
MD5

a22cfbc7defbbc33cf21c5fe9a14602e
SHA1

aa448eea3a1ca2ee75f5f5659b7a8e6f5f29adb9
SHA256

48d134a16273121969501304718b77ec2325bafb9951a2ae501badc8cf738be4
SHA512

ab3d6e85232d6be2ab160b7f77ca8364694fb4089e8e0cb25b62dad5c748cc8034980db2bb90481526c2a7c403dc1a7d8de6902503a72741c5bb2de6a640c06c
SSDEEP

24576:AWYJXRWrmh4xkIXbEqGIjoBr7mCzfDi3ys5K91J8:AWYJXqXYIjoBvmqDYv5aJ8

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  SOA.exe
- Size
  
  1.2MB
- MD5
  
  a6e9d4fa94edb21aa16b167dfec4f624
- SHA1
  
  1b9f0d78dd27baa672c3d904b8bb0e8e9bdf7117
- SHA256
  
  f0a931ba453d846bac36ab75d1e79847170cd8f562ccb117e92133434d301abf
- SHA512
  
  1f64657ca18349d7977797b47414969494ab914387d1175b1cfeae4cda4f066111059eec2aa66fcf8333398934e764c740ee2d71453ada91fcd71c6a8c66bc64
- SSDEEP
  
  24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaWe2HXtKxksRk9bEC5:ih+ZkldoPK8YaWegt+RR8d
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan