3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39

Target

Size

365KB

Sample

220521-pxycysbddq

Score

10 ^/10

MD5

d141b9a85cc5e2bfbb5ee251fca97dc7

SHA1

121e499e586fa793ca6d8ee2fff42ff4df9009cc

SHA256

3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39

SHA512

80dac691d80a310b37c94fc031e9ef3657a287988eb4c37afe8d45955bbde492fa52259ffa40181772b33a8f1284202d11bef92f2f5482e04f2ee13a2e2e9737

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: mail.pptoursperu.com Port: 587 Username: info@pptoursperu.com Password: mailppt2019-

Target

AWB DHL 6357297368.exe

MD5

1221300c3d055641e3067c1699aa20e3

Filesize

401KB

Score

10^/10

SHA1

736fb0ca19750112c72dfb189b4dc0539303f45e

SHA256

addb2e3a02342b031f2313bfc910927b94904faed320fc4b52e4b8fec77d622b

SHA512

7a4a365cc87d5d8acc68cceced203b48c2c63190e335294601e0c905fffc44ebc214aff2eb77cc352eafbb8c96fd000d9eed684746b7271560cda162ff935903

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Email Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

agenttesla collection keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger spyware stealer trojan

10^/10

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2