agenttesla | efe1e2dfcb71640bc73b4627dcafebf3a71fc45b6118f6ecf5997f3796d993b8 | Triage

Sharing

General

Target

86cd3688ed1a46971debbe78462e7da1
Size

1.6MB
Sample

210726-eyehfyygj2
MD5

86cd3688ed1a46971debbe78462e7da1
SHA1

d917469c6eaa9d012d914fe5278bd2c5603d083c
SHA256

efe1e2dfcb71640bc73b4627dcafebf3a71fc45b6118f6ecf5997f3796d993b8
SHA512

1222d70ece3ebd335552146b6de06070ecb393d127f066eed140b386ed6635c6fa3f056db3a30c2c2894112a624fcb5a2b62415a9edb04929d6810872d6d6209

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
aguffey@tpsovans.com
Password:
PbQ)ubh9

Targets

- Target
  
  86cd3688ed1a46971debbe78462e7da1
- Size
  
  1.6MB
- MD5
  
  86cd3688ed1a46971debbe78462e7da1
- SHA1
  
  d917469c6eaa9d012d914fe5278bd2c5603d083c
- SHA256
  
  efe1e2dfcb71640bc73b4627dcafebf3a71fc45b6118f6ecf5997f3796d993b8
- SHA512
  
  1222d70ece3ebd335552146b6de06070ecb393d127f066eed140b386ed6635c6fa3f056db3a30c2c2894112a624fcb5a2b62415a9edb04929d6810872d6d6209
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan