agenttesla | 7bf952d355f80dc19b83164adaca95e41edd43a9e00e892a55293559a0b8f73f | Triage

Sharing

General

Target

7bf952d355f80dc19b83164adaca95e41edd43a9e00e892a55293559a0b8f73f
Size

1.2MB
Sample

241212-bnqpvsvpdw
MD5

a7a9d52d9dc472157c5c1dfb50e3b1e0
SHA1

c9174cd635588d24f89596a1f5c91e4319022a32
SHA256

7bf952d355f80dc19b83164adaca95e41edd43a9e00e892a55293559a0b8f73f
SHA512

f41cea1b8861e5b76eb3b7b045b10a8f3a951122b2c397e9e4e9c7ca2432c2b8f2a6687eb6089eea7de2f300f128128b034178f3b61d3cb48b0016d4323783e6
SSDEEP

24576:Mu6J33O0c+JY5UZ+XC0kGso6FaNYNtekH+DieUa0DsWY:Wu0c++OCvkGs9FaN+tekeDiqMY

Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  7bf952d355f80dc19b83164adaca95e41edd43a9e00e892a55293559a0b8f73f
- Size
  
  1.2MB
- MD5
  
  a7a9d52d9dc472157c5c1dfb50e3b1e0
- SHA1
  
  c9174cd635588d24f89596a1f5c91e4319022a32
- SHA256
  
  7bf952d355f80dc19b83164adaca95e41edd43a9e00e892a55293559a0b8f73f
- SHA512
  
  f41cea1b8861e5b76eb3b7b045b10a8f3a951122b2c397e9e4e9c7ca2432c2b8f2a6687eb6089eea7de2f300f128128b034178f3b61d3cb48b0016d4323783e6
- SSDEEP
  
  24576:Mu6J33O0c+JY5UZ+XC0kGso6FaNYNtekH+DieUa0DsWY:Wu0c++OCvkGs9FaN+tekeDiqMY
Score

10^/10

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan