agenttesla | b52b2e4248a58b39e1dd4571a9699e5f43eb3d33e09f88f651f1596d9818694b | Triage

Sharing

General

Target

AudioChanger.exe
Size

1.1MB
Sample

240703-fmkjnsselj
MD5

682c57932715d90d7b837ed240793778
SHA1

a94b0dcf63cfc50157cff29b917e55ed6e224cfc
SHA256

b52b2e4248a58b39e1dd4571a9699e5f43eb3d33e09f88f651f1596d9818694b
SHA512

6f5eb6478a92f82ae3f6b5aca93f7b7eb738388ab493503bec8013305d8944b9922753402f44f0bdfda9529f50b0fc97ccacb63e9c333ae389fe4b471ede22bc
SSDEEP

24576:kSifWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAaKK:kSifWjgYEitVwmzwGXvlBNH89kLZnTKD

Score

10^/10

agenttesla evasion execution keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  AudioChanger.exe
- Size
  
  1.1MB
- MD5
  
  682c57932715d90d7b837ed240793778
- SHA1
  
  a94b0dcf63cfc50157cff29b917e55ed6e224cfc
- SHA256
  
  b52b2e4248a58b39e1dd4571a9699e5f43eb3d33e09f88f651f1596d9818694b
- SHA512
  
  6f5eb6478a92f82ae3f6b5aca93f7b7eb738388ab493503bec8013305d8944b9922753402f44f0bdfda9529f50b0fc97ccacb63e9c333ae389fe4b471ede22bc
- SSDEEP
  
  24576:kSifWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1PyFoBkkAaKK:kSifWjgYEitVwmzwGXvlBNH89kLZnTKD
Score

10^/10

agenttesla keylogger spyware stealer trojan evasion execution
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Stops running service(s)
  evasion execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslaevasionexecutionkeyloggerspywarestealertrojan