agenttesla

Sharing

Copy URL

Twitter E-mail

General

Target

03.10.2024 Tarihli Ödemeye İlişkin Dekontlar (490 KB).msg
Size

506KB
Sample

241008-m2dg8stekm
MD5

81c157483390c754351aee9ff6274500
SHA1

3b075c71de679ae362060320d9da1db1db8ed56a
SHA256

52f4e93c52a70db0d77c0fa2c3468aab038f3ca684cabece333b7497d3cf773a
SHA512

4d3e8ca8a8f5df1a601f12b526ff72cb633d098cc33d8cb0c105788bd36e50b1e1746590085e4534a4b50558bc70f21a9e10cdc0d237ca23e7a4aeb4bca7bfd4
SSDEEP

12288:1zzoNlFNIMvUB4q1Suw9NdELCpXMPbHjfGGn:9oN7N+H1tegbPPfGGn

Score

10^/10

Malware Config

Extracted

Family

agenttesla

https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/

Targets

- Target
  
  03.10.2024 Tarihli Ödemeye İlişkin Dekontlar (490 KB).msg
- Size
  
  506KB
- MD5
  
  81c157483390c754351aee9ff6274500
- SHA1
  
  3b075c71de679ae362060320d9da1db1db8ed56a
- SHA256
  
  52f4e93c52a70db0d77c0fa2c3468aab038f3ca684cabece333b7497d3cf773a
- SHA512
  
  4d3e8ca8a8f5df1a601f12b526ff72cb633d098cc33d8cb0c105788bd36e50b1e1746590085e4534a4b50558bc70f21a9e10cdc0d237ca23e7a4aeb4bca7bfd4
- SSDEEP
  
  12288:1zzoNlFNIMvUB4q1Suw9NdELCpXMPbHjfGGn:9oN7N+H1tegbPPfGGn
Score

5^/10

discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  unnamedtrd.png
- Size
  
  19KB
- MD5
  
  2cf348de66d8ca24abdd77a858807970
- SHA1
  
  5bf0680377839f02a10afabcf6d5ed3e15e77269
- SHA256
  
  38712bb168f25f9ccdf9eb3cbf9b434394c1e35b61f77b2bd623d4b8d2cb1a9c
- SHA512
  
  7718050f871ee179d04e27dbe607b2835229c8271f2827cb524cb7fa7b942477a26efd19fde661a9f69fa443cada975f952e84fd405ad897f27187406d416f0c
- SSDEEP
  
  384:Il6wA85gtBDlq+nk6YPOTbr54WpjoJ+R6kg34s9dh+0Ltmvtk:IgwA85gtBDlqck6nrCW6wZg3LAUtmFk
Score

3^/10
behavioral3 behavioral4
- Target
  
  Ödeme kopyası.pdf.lzh
- Size
  
  449KB
- MD5
  
  1a45c595585575d4449d876545ea00d4
- SHA1
  
  a3377beb563e75b32b730e353b825972ec593086
- SHA256
  
  db84ecf28cf9c25af8f91b5e442b61ad9499cebb0327fd9b9c7a015c5c15b9e9
- SHA512
  
  471a19e46e06e3e7b69af94dab44ff8a0420ec953cf83aca48cdb050c4af1e37cfcdf64fc6720880a56a69bc6b84a16081df9a7e790b480863f0b4178d79d045
- SSDEEP
  
  12288:YoNlFNIMvUB4q1Suw9NdELCpXMPbHjfGGnU:YoN7N+H1tegbPPfGGnU
Score

3^/10
behavioral5 behavioral6
- Target
  
  Ödeme kopyası.pdf.exe
- Size
  
  1.4MB
- MD5
  
  cb9df2754f620ea0739b3dd1e3e3422f
- SHA1
  
  579286334ac2305fe6fd5419e7b046d96e463033
- SHA256
  
  e6b72ddd31a53809013959c4d33297e28d76c73dfa9fad878f8bd64d69bae0b2
- SHA512
  
  9b70944f5327c06286e4231be84c7259dd92dcfc528bb8b31eb23587adba0d7ce67e6435f93ca7c39f6093f3f26e98288ef1c3cc80608ef5873acf433cceb9de
- SSDEEP
  
  24576:j1eTYAK4egHCAjifn/Na5OMiEX6/QgcixPMRNglNq7:5e/K4IAgcix4NgTq7
Score

10^/10

discovery agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of NtCreateUserProcessOtherParentProcess

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8