agenttesla | 4aea573eeb1ef07b8186fc10089dd972303f2ca89c5758932edff01dbb6203c2 | Triage

Sharing

General

Target

4aea573eeb1ef07b8186fc10089dd972303f2ca89c5758932edff01dbb6203c2.exe
Size

2.8MB
Sample

241008-by5a1asckk
MD5

05aae520bbc216edc07abeb07c5f763e
SHA1

38fc6fb1076e9cce368b55ef4491652384209560
SHA256

4aea573eeb1ef07b8186fc10089dd972303f2ca89c5758932edff01dbb6203c2
SHA512

b3bbec0d5a04beb2ec108638b7509bd6741542ddec2b53138983cafc41c9bb5192492838cfa97360c9726edc0535b817a5c5da277a342813615f6c8989305b86
SSDEEP

24576:nC6uNvi15kGX4QnksdqJySDJB37yxYJaKBd021ut+yOCc3BtxqSVVg6vB7uXeXd:fOXXvoEm0TucvJ9CDT2uEDmAEx

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/

Targets

- Target
  
  4aea573eeb1ef07b8186fc10089dd972303f2ca89c5758932edff01dbb6203c2.exe
- Size
  
  2.8MB
- MD5
  
  05aae520bbc216edc07abeb07c5f763e
- SHA1
  
  38fc6fb1076e9cce368b55ef4491652384209560
- SHA256
  
  4aea573eeb1ef07b8186fc10089dd972303f2ca89c5758932edff01dbb6203c2
- SHA512
  
  b3bbec0d5a04beb2ec108638b7509bd6741542ddec2b53138983cafc41c9bb5192492838cfa97360c9726edc0535b817a5c5da277a342813615f6c8989305b86
- SSDEEP
  
  24576:nC6uNvi15kGX4QnksdqJySDJB37yxYJaKBd021ut+yOCc3BtxqSVVg6vB7uXeXd:fOXXvoEm0TucvJ9CDT2uEDmAEx
Score

10^/10

discovery agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan