agenttesla | c8c4a0f5bc0278f9392a4356ac121458f0f4d10420f65b468e7556b08c84ff5e | Triage

Sharing

General

Target

rScan_0984829339_PDF.exe
Size

215KB
Sample

241015-x8cvdsxarm
MD5

a89dce2412407f0bd1f4b9e575545aeb
SHA1

9ad65f7f6252c2df5c97b44000d12c988ec7d4a1
SHA256

c8c4a0f5bc0278f9392a4356ac121458f0f4d10420f65b468e7556b08c84ff5e
SHA512

74577fb4db7127dd8137dccaab8d05a5f4254acd19d5c6219a60174010e5d4dad5a688b9ee61727972f503eb33e59ec10b3d84871ced3ca4ae10e59669140f61
SSDEEP

3072:vt18yO+SfeIWIWUE5fGEgHmUfjPGBTOqAnulg7eQ5RxDkktr/8G1doRb8JJUAJU2:V1z9IWbnhP8QQk41E

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/

Targets

- Target
  
  rScan_0984829339_PDF.exe
- Size
  
  215KB
- MD5
  
  a89dce2412407f0bd1f4b9e575545aeb
- SHA1
  
  9ad65f7f6252c2df5c97b44000d12c988ec7d4a1
- SHA256
  
  c8c4a0f5bc0278f9392a4356ac121458f0f4d10420f65b468e7556b08c84ff5e
- SHA512
  
  74577fb4db7127dd8137dccaab8d05a5f4254acd19d5c6219a60174010e5d4dad5a688b9ee61727972f503eb33e59ec10b3d84871ced3ca4ae10e59669140f61
- SSDEEP
  
  3072:vt18yO+SfeIWIWUE5fGEgHmUfjPGBTOqAnulg7eQ5RxDkktr/8G1doRb8JJUAJU2:V1z9IWbnhP8QQk41E
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan