agenttesla | 0d8ee7843db6ed92cd471a56241636ea54126f5754c21f6a76e124e7e92ecaa6 | Triage

Sharing

General

Target

1.exe
Size

431KB
Sample

220522-fxnzvafdh6
MD5

3c5da11e93c2ec1614972cf97f02e84a
SHA1

f95e47bb3846d8e76e1c57ae87fbbedbd8a80eae
SHA256

0d8ee7843db6ed92cd471a56241636ea54126f5754c21f6a76e124e7e92ecaa6
SHA512

dd02fc20307945985a123a4f96d045e089e21e61a6e8f055f12db3b1f2e31c49cd8a71e12e44d2f154a61a4a351b139e5c0a950ca5818746ef540bf598b52f91

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ccmegaengineering.com
Port:
587
Username:
Info@ccmegaengineering.com
Password:
greatman123@

Extracted

Credentials

Protocol: smtp
Host:
mail.ccmegaengineering.com
Port:
587
Username:
Info@ccmegaengineering.com
Password:
greatman123@

Targets

- Target
  
  1.exe
- Size
  
  431KB
- MD5
  
  3c5da11e93c2ec1614972cf97f02e84a
- SHA1
  
  f95e47bb3846d8e76e1c57ae87fbbedbd8a80eae
- SHA256
  
  0d8ee7843db6ed92cd471a56241636ea54126f5754c21f6a76e124e7e92ecaa6
- SHA512
  
  dd02fc20307945985a123a4f96d045e089e21e61a6e8f055f12db3b1f2e31c49cd8a71e12e44d2f154a61a4a351b139e5c0a950ca5818746ef540bf598b52f91
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan