agenttesla | d96ee923cda8458627c393925aebc1f908ab6a40ebe8c9ea0f049e3edf27bce2 | Triage

Submit
Reports

Overview

overview

Static

static

tgwqjo.exe

windows7_x64

tgwqjo.exe

windows10_x64

3

Sharing

General

Target

tgwqjo
Size

831KB
Sample

200731-mbq3fdz3va
MD5

c9bdb2a0214fd34e21c9671da4bbbca4
SHA1

bd33a69c8926f4fd9747e9db063fcbae1e964bd5
SHA256

d96ee923cda8458627c393925aebc1f908ab6a40ebe8c9ea0f049e3edf27bce2
SHA512

5dd32f148634462317316e6ddcfdbe92d59a730dbd1949b68304bf2810d1a2075c273aaf29c7f6b2552273f03326274d56989d02c2e42f899ee5f79b702d4413

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

keylogger stealer agenttesla

Behavioral task

behavioral1

Sample

tgwqjo.exe

Resource

win7

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tgwqjo.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
microsotft-office365-rules-co@yandex.ru
Password:
moneymoney77

Targets

- Target
  
  tgwqjo
- Size
  
  831KB
- MD5
  
  c9bdb2a0214fd34e21c9671da4bbbca4
- SHA1
  
  bd33a69c8926f4fd9747e9db063fcbae1e964bd5
- SHA256
  
  d96ee923cda8458627c393925aebc1f908ab6a40ebe8c9ea0f049e3edf27bce2
- SHA512
  
  5dd32f148634462317316e6ddcfdbe92d59a730dbd1949b68304bf2810d1a2075c273aaf29c7f6b2552273f03326274d56989d02c2e42f899ee5f79b702d4413
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

keyloggerstealeragenttesla

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy