agenttesla | 0f2179bdea52208747bcd067addc90ad13120aa936c9bda8c319a51b6d8715d0 | Triage

Sharing

General

Target

Your new dhl delivery needs your attention to complete.zip
Size

654KB
Sample

220521-lqgj3sbeg7
MD5

3091b9965de8e026e855cf987070550d
SHA1

a49e51847fb77bebb9c8e2f84f49214d4c790e35
SHA256

0f2179bdea52208747bcd067addc90ad13120aa936c9bda8c319a51b6d8715d0
SHA512

6c93ee76140847fbe0196cf83b33211a8537e028db7586fe847574e829ebd28158290d89961c85e58cb9bde7c3d1d572914ef78eb036610c84dcf65bdbed1736

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument

Targets

- Target
  
  Your new dhl delivery needs your attention to complete.exe
- Size
  
  300.0MB
- MD5
  
  b41efc1903f715c9de2bc95f2658fec8
- SHA1
  
  9ed3a81ae8a2c32a35b67df0d640cea7e18dfbc2
- SHA256
  
  53cdcdb4a33a697bcc90680e2e9b8e757b1ff04c0ff75acbeb86434d0aef6670
- SHA512
  
  63680e9bc9bd1c65bd8507a44cf54cc4548728b2a5fbef143b990c026e4f72ef80c2b2b06072d36da5480bfe810384b061001dc6140c968ef4b68468edf410d0
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan