agenttesla | 301e1fa5855704be7f2c773cb7393098c89fe31b40dc6237420835d1c53a6a64 | Triage

Submit
Reports

Overview

overview

Static

static

SHIPPING D...TE.exe

windows7_x64

SHIPPING D...TE.exe

windows10_x64

Sharing

General

Target

SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe
Size

1.4MB
Sample

200624-8cy4b4kc62
MD5

4c44f7cd52dd7f496a3becf1c1de3dca
SHA1

dacdf39c0c61a74b8f30d406ab8d7e2575244e19
SHA256

301e1fa5855704be7f2c773cb7393098c89fe31b40dc6237420835d1c53a6a64
SHA512

33393a0187ae4005f3f4e569dda510b9d6abb89fbfb6da0038a13457fed9e5ef972f6919d15aa765c9ceec583bc9639359dbfc793f5a9c1aa3d7f3e43d518dce

Score

10^/10

agenttesla nanocore keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe

Resource

win7

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe

Resource

win10v200430

agenttesla nanocore keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rajalakshmi.co.in
Port:
587
Username:
projects@rajalakshmi.co.in
Password:
016_PROjects*

Targets

- Target
  
  SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe
- Size
  
  1.4MB
- MD5
  
  4c44f7cd52dd7f496a3becf1c1de3dca
- SHA1
  
  dacdf39c0c61a74b8f30d406ab8d7e2575244e19
- SHA256
  
  301e1fa5855704be7f2c773cb7393098c89fe31b40dc6237420835d1c53a6a64
- SHA512
  
  33393a0187ae4005f3f4e569dda510b9d6abb89fbfb6da0038a13457fed9e5ef972f6919d15aa765c9ceec583bc9639359dbfc793f5a9c1aa3d7f3e43d518dce
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan nanocore
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslananocorekeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy