agenttesla | c6a9aa7e0a62bdbd7ed39273a2e117e8b6efa5c1c535a0a521fa75cb82d0ca95 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FACTURAS PENDIENTES DE PAGO.exe
Size

877KB
Sample

220921-nz5z5sgbg8
MD5

3772656d859f951b41ed9897c3c61a6a
SHA1

bff4ee2bc5dc1e0856b143fad4731b9d11cf09bf
SHA256

c6a9aa7e0a62bdbd7ed39273a2e117e8b6efa5c1c535a0a521fa75cb82d0ca95
SHA512

7d24d52a14a403a798e315ed7ae05e537eac588604b2085c1e388f796aba76642b8c594ea47c9b03e66a5a1329b8d7ac20765df6ea7d88d8ab9c69f1716d257d
SSDEEP

24576:5CEKj8b1js/u+NeqnpwIsVzChFb4Kox5CZFUQtSxgOXdvpN:5CEs4j6yqnpwIsVzChFb4Kox5CZFUQt

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.entreosrios.com
Port:
587
Username:
[email protected]
Password:
Ticote42?

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
%2B
Port:
21
Username:
application/x-www-form-urlencoded
Password:
image/jpg

C2

p=

Targets

- Target
  
  FACTURAS PENDIENTES DE PAGO.exe
- Size
  
  877KB
- MD5
  
  3772656d859f951b41ed9897c3c61a6a
- SHA1
  
  bff4ee2bc5dc1e0856b143fad4731b9d11cf09bf
- SHA256
  
  c6a9aa7e0a62bdbd7ed39273a2e117e8b6efa5c1c535a0a521fa75cb82d0ca95
- SHA512
  
  7d24d52a14a403a798e315ed7ae05e537eac588604b2085c1e388f796aba76642b8c594ea47c9b03e66a5a1329b8d7ac20765df6ea7d88d8ab9c69f1716d257d
- SSDEEP
  
  24576:5CEKj8b1js/u+NeqnpwIsVzChFb4Kox5CZFUQtSxgOXdvpN:5CEs4j6yqnpwIsVzChFb4Kox5CZFUQt
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan