agenttesla | d5f80dc5dd44d34ff64284cd464ab1cc4e765ea2f847a23059aa7d6a96aad58a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

171.22.30.3_-_jam_-_OWWloc49d5MU31t.exe___7ae724a3ea13868ea06a6647095b0269.dat
Size

1.0MB
Sample

220921-adq27sefe7
MD5

7ae724a3ea13868ea06a6647095b0269
SHA1

f7d1ebb6b15ef92b78cd4a052e90b77cace3fa12
SHA256

d5f80dc5dd44d34ff64284cd464ab1cc4e765ea2f847a23059aa7d6a96aad58a
SHA512

ea44cbfd84f578459b083afc44fdeb2e6a6db034e028645eeb0664108a90b16c4403bc80e51397349451648b91ed06ed84740d1029d98e4db1edcd65d1afeeb9
SSDEEP

12288:Q5fD9fzLZuTDnNjobxvB80OkjI1SQkhEcoG1JH0YSsgSP8gmw3RGsWYK0GYhbKl:Q5LtSpSexkhEct1l0YtsvfL

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5303391731:AAHgANxN9kUfbvqFTFYVO20qP1ENm26KUMk/sendDocument

Targets

- Target
  
  171.22.30.3_-_jam_-_OWWloc49d5MU31t.exe___7ae724a3ea13868ea06a6647095b0269.dat
- Size
  
  1.0MB
- MD5
  
  7ae724a3ea13868ea06a6647095b0269
- SHA1
  
  f7d1ebb6b15ef92b78cd4a052e90b77cace3fa12
- SHA256
  
  d5f80dc5dd44d34ff64284cd464ab1cc4e765ea2f847a23059aa7d6a96aad58a
- SHA512
  
  ea44cbfd84f578459b083afc44fdeb2e6a6db034e028645eeb0664108a90b16c4403bc80e51397349451648b91ed06ed84740d1029d98e4db1edcd65d1afeeb9
- SSDEEP
  
  12288:Q5fD9fzLZuTDnNjobxvB80OkjI1SQkhEcoG1JH0YSsgSP8gmw3RGsWYK0GYhbKl:Q5LtSpSexkhEct1l0YtsvfL
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan