agenttesla | d94d1e06068956048d32860b187a4a5faab782143631660f2d174048f6cae5ae | Triage

Submit
Reports

Overview

overview

Static

static

1

message(1).bat

windows10-2004-x64

Sharing

General

Target

message(1).bat
Size

4KB
Sample

240916-a2c59azfrc
MD5

e296801aa02e88edcfc6132fbfe05504
SHA1

7bffaaebf505f46a2a5fa352076781e3b70b816b
SHA256

d94d1e06068956048d32860b187a4a5faab782143631660f2d174048f6cae5ae
SHA512

79e27d197a69f40b4e1478dd0020644b7378dcc4455df9f8ad03caf0ebc80e63809b486fd2df57e6978c8fee49bd7192d8b5e4d765803153741d3767c5b04d32
SSDEEP

96:FKBYr6CQ9lrTi8Dsg9jfltpRBTPiQQLNBuZYbzTe/jyDaP3D7uM1I2iJPABY:FJr6CR8wgNlTaLnuqbe/yaP3mM1GPD

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

message(1).bat

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

24 signatures

300 seconds

Malware Config

Targets

- Target
  
  message(1).bat
- Size
  
  4KB
- MD5
  
  e296801aa02e88edcfc6132fbfe05504
- SHA1
  
  7bffaaebf505f46a2a5fa352076781e3b70b816b
- SHA256
  
  d94d1e06068956048d32860b187a4a5faab782143631660f2d174048f6cae5ae
- SHA512
  
  79e27d197a69f40b4e1478dd0020644b7378dcc4455df9f8ad03caf0ebc80e63809b486fd2df57e6978c8fee49bd7192d8b5e4d765803153741d3767c5b04d32
- SSDEEP
  
  96:FKBYr6CQ9lrTi8Dsg9jfltpRBTPiQQLNBuZYbzTe/jyDaP3D7uM1I2iJPABY:FJr6CR8wgNlTaLnuqbe/yaP3mM1GPD
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy