agenttesla | ffed343fe455e280cb1f16b5dcacf4750d20ba4c0adb21d905f1eecd7fbab60c | Triage

Sharing

General

Target

Bank payment swift message.exe
Size

821KB
Sample

220919-qsyctsbaa8
MD5

5af28c53848480d8cc1fe0fc3058f37b
SHA1

0e3ae55389158a8a02df01201efd67b62cecc4b4
SHA256

ffed343fe455e280cb1f16b5dcacf4750d20ba4c0adb21d905f1eecd7fbab60c
SHA512

f9ad33a0041c4aa4d4a34a63219bc1a771a5706e1fc4c4a2a9d0ee92b64a48f643d79b3e532cba89842f709a485017a4581ebbc7aed8a411b1f0d7d7f7a8996c
SSDEEP

12288:exYdXOVKj5tTQbX9BB9H4OespX2WVpYJWSADqjJ5n:/eEFByN/hzbpX/+W0jr

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
%2B
Port:
21
Username:
application/x-www-form-urlencoded
Password:
image/jpg

C2

p=

Extracted

Credentials

Protocol: smtp
Host:
mail.multifastners.net
Port:
587
Username:
[email protected]
Password:
eqr3J[&x}Wv?OpZ#Aa

Targets

- Target
  
  Bank payment swift message.exe
- Size
  
  821KB
- MD5
  
  5af28c53848480d8cc1fe0fc3058f37b
- SHA1
  
  0e3ae55389158a8a02df01201efd67b62cecc4b4
- SHA256
  
  ffed343fe455e280cb1f16b5dcacf4750d20ba4c0adb21d905f1eecd7fbab60c
- SHA512
  
  f9ad33a0041c4aa4d4a34a63219bc1a771a5706e1fc4c4a2a9d0ee92b64a48f643d79b3e532cba89842f709a485017a4581ebbc7aed8a411b1f0d7d7f7a8996c
- SSDEEP
  
  12288:exYdXOVKj5tTQbX9BB9H4OespX2WVpYJWSADqjJ5n:/eEFByN/hzbpX/+W0jr
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan