SC_UNMSM 06042021.exe

Target

Size

746KB

Sample

210408-k356mlmt32

Score

10 ^/10

MD5

d861e9c1a56f528517dd530d4e7f001c

SHA1

ae07d2ec36e18775bc8c6347c73a3057d7ea7991

SHA256

9f6ac087249c3b9b13c176d96113a3123d6986b536aac8573c89cd478770ecc5

SHA512

ca279e8b178520a42cc9983f7db0e65162ac0acd69276f45663e32ae96b9426cc262073eee8adeffffd765ab3baf864893c5f07d4accf22015ed824f7396ecd4

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: mail.chrismehat.com Port: 587 Username: market@chrismehat.com Password: vStcCO~Cyox6

Target

SC_UNMSM 06042021.exe

MD5

d861e9c1a56f528517dd530d4e7f001c

Filesize

746KB

Score

10 ^/10

SHA1

ae07d2ec36e18775bc8c6347c73a3057d7ea7991

SHA256

9f6ac087249c3b9b13c176d96113a3123d6986b536aac8573c89cd478770ecc5

SHA512

ca279e8b178520a42cc9983f7db0e65162ac0acd69276f45663e32ae96b9426cc262073eee8adeffffd765ab3baf864893c5f07d4accf22015ed824f7396ecd4

Signatures

AgentTesla

Description

Agent Tesla is a remote access tool (RAT) written in visual basic.

Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

agenttesla keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla keylogger spyware stealer trojan

10^/10

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2