agenttesla | 7a112707b36ddcf967cc1e7f0bc161235c66f1b500c5e50ac965ded2d6510a8d | Triage

Sharing

General

Target

Zara+Perm_new.zip
Size

1.2MB
Sample

240911-q8rvzsvamf
MD5

e8456131ab377ae61e38f19ce4840562
SHA1

baeb4172af9550de15741492c161899ac1a4cfe9
SHA256

7a112707b36ddcf967cc1e7f0bc161235c66f1b500c5e50ac965ded2d6510a8d
SHA512

7477f4829e844ce11c6cfffb457892112ae54be658219bf5a44fbb3f5074be40d99225148f378f668108af73e9a2e1bce0cbb7608e561add86ac832931f1dad5
SSDEEP

24576:wzH27W1IP/f7Ujewe0R1r64bVwxgaOysqN/lsOuh7rQCzwWV1D:wj261IPXMew7rVbSjJN/lsOesWH

Score

10^/10

agenttesla discovery evasion execution keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Zara+Perm_new.zip
- Size
  
  1.2MB
- MD5
  
  e8456131ab377ae61e38f19ce4840562
- SHA1
  
  baeb4172af9550de15741492c161899ac1a4cfe9
- SHA256
  
  7a112707b36ddcf967cc1e7f0bc161235c66f1b500c5e50ac965ded2d6510a8d
- SHA512
  
  7477f4829e844ce11c6cfffb457892112ae54be658219bf5a44fbb3f5074be40d99225148f378f668108af73e9a2e1bce0cbb7608e561add86ac832931f1dad5
- SSDEEP
  
  24576:wzH27W1IP/f7Ujewe0R1r64bVwxgaOysqN/lsOuh7rQCzwWV1D:wj261IPXMew7rVbSjJN/lsOesWH
Score

10^/10

agenttesla discovery evasion execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

agenttesladiscoveryevasionexecutionkeyloggerpersistencespywarestealertrojan