agenttesla | 13d0afd63f18026aa5bc99e645402fea1523982509969368092d8245c9041b90 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Απαιτήσεις_0190922.exe
Size

204KB
Sample

220920-mpyyeagdcr
MD5

b51a4c4102d728e30779eeea0892a964
SHA1

925938384b83b2932a93c9f4a49eb82412c5bfb8
SHA256

13d0afd63f18026aa5bc99e645402fea1523982509969368092d8245c9041b90
SHA512

3097c60f2dfd23bb36713f522972260fb0b8e049786849ed3c2938d292a39d52f419ab488c3bf66425c832ece1d045b78fe949c1f6246e7453a2598a154db148
SSDEEP

6144:sNtQkRopM1vKoujmx8VUaJh4reniggIHsbjG:e6kRomhig8grcrJMe

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
%2B
Port:
21
Username:
application/x-www-form-urlencoded
Password:
image/jpg

C2

p=

Targets

- Target
  
  Απαιτήσεις_0190922.exe
- Size
  
  204KB
- MD5
  
  b51a4c4102d728e30779eeea0892a964
- SHA1
  
  925938384b83b2932a93c9f4a49eb82412c5bfb8
- SHA256
  
  13d0afd63f18026aa5bc99e645402fea1523982509969368092d8245c9041b90
- SHA512
  
  3097c60f2dfd23bb36713f522972260fb0b8e049786849ed3c2938d292a39d52f419ab488c3bf66425c832ece1d045b78fe949c1f6246e7453a2598a154db148
- SSDEEP
  
  6144:sNtQkRopM1vKoujmx8VUaJh4reniggIHsbjG:e6kRomhig8grcrJMe
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan