agenttesla | d1e37596ea3c5d8be494019288581d66277678d424ac8525f56fdf1b6f3c3c82 | Triage

Sharing

General

Target

DHL Paper work for new delivery pending.zip
Size

520KB
Sample

220920-hs782acbg5
MD5

83fa4f7dedecf3d55290187705096187
SHA1

1afde83cbf18ba58013b8bd4b7ca39c8cdc32668
SHA256

d1e37596ea3c5d8be494019288581d66277678d424ac8525f56fdf1b6f3c3c82
SHA512

d4286bffb48599aece2ad03322177351945335afc1065600b078f5d425fe4ab1c8e6275abae0b88b5f2420427fc256903e5476f39cd93621a0d15e4efa7ad951
SSDEEP

6144:qy7d3VreWve8foKc4qbRIAKPZlT8NIion80NyCn4F:NTDRfU46YhlT8GLdn4F

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument

Targets

- Target
  
  DHL Paper work for new delivery pending.exe
- Size
  
  300.0MB
- MD5
  
  8c35866b025f430aa414b26a4c89c83e
- SHA1
  
  543ec275daf8ae6aaa269001c3c55a5094db4d94
- SHA256
  
  91c525cb0f58e54d045b4f37e35077df803ac7116a82a43c65427387e545185d
- SHA512
  
  cbb76e6de793ef680d2b22527e06cacc57ef1351a8c7d0995e11933e39fbfc8d1c60251eef371f93fecf3258c5aacdd47ef6a00af3f8cb0be0059cd9da418c51
- SSDEEP
  
  6144:BScGd7kbUdT6a5f4KRTvyMMzj6XZ9S7+5:EZ7RN6kf48GHm90+5
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan