agenttesla

General

Target

FATTURA_46082_ELEPHANTSCAVI-scan.vbs
Size

4KB
Sample

211018-nhqh5aeddk
MD5

dfeab6c2910012eba15a7b4dc56b80f5
SHA1

262560445a9f351cc2a1535fbf6857a9eb1eef0e
SHA256

6db5f541f73470c314a570b21d90f78e91af21bbf5851660118566ffca9a1140
SHA512

e2776b36a4cbad55ece79090352d03d097017b867dc4459d53ffdc2ca50ccff18223fc4248896875368eedf6cd372cfed83e32358a3a7b979730c4ffe0549a26

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://hkuakdsjkjkhdskdskjkdskdsj.000webhostapp.com/bypass.txt

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1728790391:AAGzyc8dIVEVbURhCAMFPa0FGpI3HdqfdEc/sendDocument

Targets

- Target
  
  FATTURA_46082_ELEPHANTSCAVI-scan.vbs
- Size
  
  4KB
- MD5
  
  dfeab6c2910012eba15a7b4dc56b80f5
- SHA1
  
  262560445a9f351cc2a1535fbf6857a9eb1eef0e
- SHA256
  
  6db5f541f73470c314a570b21d90f78e91af21bbf5851660118566ffca9a1140
- SHA512
  
  e2776b36a4cbad55ece79090352d03d097017b867dc4459d53ffdc2ca50ccff18223fc4248896875368eedf6cd372cfed83e32358a3a7b979730c4ffe0549a26
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

AgentTesla Payload

Blocklisted process makes network request

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2