agenttesla | 0368ab0f24763144b866c9894899858d8c493d13c3d9cb170edf4582adbf4514 | Triage

Sharing

General

Target

Zara+Perm_new.zip
Size

1.3MB
Sample

240916-jvaafswgra
MD5

ff31dd46cc80d102852a370f4dc13aba
SHA1

e6644f9d9a87e59dca851fbdaeed3017a9901d95
SHA256

0368ab0f24763144b866c9894899858d8c493d13c3d9cb170edf4582adbf4514
SHA512

7b4fe8da1d901136a6cce97ad438e492bcd74aa9b24f760401df3a75f8e5a8cec395377a1ec7e06acfa32582ae18ebfc7ce0068debff679925d62f8137a4e05f
SSDEEP

24576:VxQRub/VUyYo233SqR57Ckd1J4xi/BQrN+CECdGkx2cka5rVmbHqakNOcEZ8flf8:VGRubKp3SqRVCkHJ4xCOG+h2cH5UHqhe

Score

10^/10

agenttesla discovery evasion execution keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Zara+Perm_new.zip
- Size
  
  1.3MB
- MD5
  
  ff31dd46cc80d102852a370f4dc13aba
- SHA1
  
  e6644f9d9a87e59dca851fbdaeed3017a9901d95
- SHA256
  
  0368ab0f24763144b866c9894899858d8c493d13c3d9cb170edf4582adbf4514
- SHA512
  
  7b4fe8da1d901136a6cce97ad438e492bcd74aa9b24f760401df3a75f8e5a8cec395377a1ec7e06acfa32582ae18ebfc7ce0068debff679925d62f8137a4e05f
- SSDEEP
  
  24576:VxQRub/VUyYo233SqR57Ckd1J4xi/BQrN+CECdGkx2cka5rVmbHqakNOcEZ8flf8:VGRubKp3SqRVCkHJ4xCOG+h2cH5UHqhe
Score

10^/10

agenttesla discovery evasion execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

agenttesladiscoveryevasionexecutionkeyloggerpersistencespywarestealertrojan