agenttesla | d307a2006bf0bf7398bcc49b160ae6940913e30525520d4209e9405b8c469df9 | Triage

Sharing

General

Target

ed0b480865490b221c5c4956c0684c7c
Size

1.7MB
Sample

220908-xx7wdsfda7
MD5

ed0b480865490b221c5c4956c0684c7c
SHA1

3212d3a032251f11fc536d02d5ca78d14dfe86ef
SHA256

d307a2006bf0bf7398bcc49b160ae6940913e30525520d4209e9405b8c469df9
SHA512

02a30b1efd1fc345b64b5e7a3798014f0cdbef4521c4f687d6a4081c584ca097b15d5003980dca0351ea4d8ccfd947526e6ff84dedfa8cd11fca266da366cc18
SSDEEP

6144:W94dCAEk2q4lLjIx+zpGPeC86XmVDlYZklrI8Wm/cj3wLg:qbAj2tBjO+ddCuun

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
%2B
Port:
21
Username:
application/x-www-form-urlencoded
Password:
image/jpg

C2

p=

Targets

- Target
  
  IMG Ajánlatkérés RBT MFG.pdf(48KB).exe
- Size
  
  177KB
- MD5
  
  c1ede307aa869da7eb1e29b89e448ec8
- SHA1
  
  fae816111cee6b6ae9f713707d433ba40c3b0f48
- SHA256
  
  47a4d52d3687076b619a6b7fd7327c3d516ee5a54037154b347020af88f361de
- SHA512
  
  e3660a0b1b406b49c896c689bd6237aab05cd22fe8b78b8c81ec198c99a31e7a451599d63b036c27d0ed40658915774eacb5d1b5e3808aadb6b636a72c4221b0
- SSDEEP
  
  3072:DxXpafQp1KIHTYoVzmvTZdJY9dcyToCeyFyYHUqZqcKStrfXAlBym:Dxcop11HUoVmLZdJs2yTopwyYHLZDKM0
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan