agenttesla | 0870d9107c380e8a94587e7924b1230d146ea21c6bbc7b9731bff408204ab8d0 | Triage

Sharing

General

Target

RFQ__PO_PO 24090041-PDF____PDF.exe
Size

1.5MB
Sample

241004-eym89stgnr
MD5

bfea25f0cbf64304aaa2c361805d5e51
SHA1

700796263c71c76607cbbd74678b0b084d7bdb7c
SHA256

0870d9107c380e8a94587e7924b1230d146ea21c6bbc7b9731bff408204ab8d0
SHA512

88a62bc3b24b5fa43fa7a3bfe5075c50e36ae84a526b4fc34607cbfd9b525d8dd6baa4db4cfdd396e7e6355e3ede35744ae0e4cf6635b8cea780a8bdf63f6260
SSDEEP

24576:5qB+ONv0iCIg2p02MKcGXqExSApwS3bFnI/3:5e+ON8iCIHx0k

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/

Targets

- Target
  
  RFQ__PO_PO 24090041-PDF____PDF.exe
- Size
  
  1.5MB
- MD5
  
  bfea25f0cbf64304aaa2c361805d5e51
- SHA1
  
  700796263c71c76607cbbd74678b0b084d7bdb7c
- SHA256
  
  0870d9107c380e8a94587e7924b1230d146ea21c6bbc7b9731bff408204ab8d0
- SHA512
  
  88a62bc3b24b5fa43fa7a3bfe5075c50e36ae84a526b4fc34607cbfd9b525d8dd6baa4db4cfdd396e7e6355e3ede35744ae0e4cf6635b8cea780a8bdf63f6260
- SSDEEP
  
  24576:5qB+ONv0iCIg2p02MKcGXqExSApwS3bFnI/3:5e+ON8iCIHx0k
Score

10^/10

discovery agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan