agenttesla | 19e8aafe8289c2184453c670871767f9746512c2a2efc902c26fff986ec9cc37 | Triage

Sharing

General

Target

Ordre Krav 220922.xlxs.pdf(~67KB)_10.rar
Size

172KB
Sample

220922-qqnevafchq
MD5

51169ee4815fcd5e8fdfeb2f3edec2ea
SHA1

94ae9352e5090187026e979eb8c7116050f839e5
SHA256

19e8aafe8289c2184453c670871767f9746512c2a2efc902c26fff986ec9cc37
SHA512

176f77051bdf8809c1d084e5768c42e77c2c14da753f6e2ba5ff8001f4ef79656574e3312bff19fff66a2f27ec069d3b839c200f38baa3c8638f70823454e192
SSDEEP

3072:oVdCwikx0nseYUJiT9hwflTAI0z8jzpe1uI3Sf386r/pUk:mtksaJiphwtTAAOf3Sf3PVUk

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
%2B
Port:
21
Username:
application/x-www-form-urlencoded
Password:
image/jpg

C2

p=

Targets

- Target
  
  Vereisten voor bestellijst 220922.xlxs.pdf(~67KB).exe
- Size
  
  206KB
- MD5
  
  782766d8fb64ac0de4accb3d971cb63b
- SHA1
  
  4eca0095a47c936adf2357100a73a8b89b8aa388
- SHA256
  
  52d2abb85de115be28c584f6801451e67ffb745e1a2bba4589cc42430e6029aa
- SHA512
  
  76c4e9f13987f1bf28745e4cb53d8aaf8ef864f481399ed3115e8267f79fcc14b299a8ba94d7a06a71167e2e12809a8cba1092b0511d429c60adf66008b40ff9
- SSDEEP
  
  3072:WUa1zwTgRXMD1W01qfIUlrB3+f0+aZrC7X126+AEgFTQdP78jyhcHm:RqlRXMD1WrIUlowZmLh+AHTg8dG
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan