agenttesla | 7099c54e39d4acbdd91ee4c47ed3d3f8e3d2913959b23e7a56e3435500fcc9c2 | Triage

Submit
Reports

Overview

overview

Static

static

5

Invoice 20235006.exe

windows7-x64

Invoice 20235006.exe

windows10-2004-x64

Sharing

General

Target

Invoice 20235006.exe
Size

1.6MB
Sample

240916-kap1vaxfje
MD5

e0fd11ccfbe16ce5eebb8c75cbc2c8f1
SHA1

2f75d40a35405a1ca13b483082d109d9c1346260
SHA256

7099c54e39d4acbdd91ee4c47ed3d3f8e3d2913959b23e7a56e3435500fcc9c2
SHA512

57f6cc6a9e17c2db9b2896a0e377212f115904853c15a86f154f0d4112da2feb61706223e03e1f69eb008a6f9e9d02e7aad2b42eafeb7b3cd59cec4b1b9e93af
SSDEEP

49152:7TvC/MTQYxsWR7aoN+8nY0Y8Yljab5rpw:vjTQYxsWRvnY0Y8ke5

Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Invoice 20235006.exe

Resource

win7-20240903-en

agenttesla collection credential_access discovery keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Invoice 20235006.exe

Resource

win10v2004-20240802-en

agenttesla collection credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Invoice 20235006.exe
- Size
  
  1.6MB
- MD5
  
  e0fd11ccfbe16ce5eebb8c75cbc2c8f1
- SHA1
  
  2f75d40a35405a1ca13b483082d109d9c1346260
- SHA256
  
  7099c54e39d4acbdd91ee4c47ed3d3f8e3d2913959b23e7a56e3435500fcc9c2
- SHA512
  
  57f6cc6a9e17c2db9b2896a0e377212f115904853c15a86f154f0d4112da2feb61706223e03e1f69eb008a6f9e9d02e7aad2b42eafeb7b3cd59cec4b1b9e93af
- SSDEEP
  
  49152:7TvC/MTQYxsWR7aoN+8nY0Y8Yljab5rpw:vjTQYxsWRvnY0Y8ke5
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy