agenttesla | 16eb3843463270afc6d5583d41f6e3388f09c89c60b6901ae8f707366e773b04 | Triage

Sharing

General

Target

DOCUMENT.zip
Size

734KB
Sample

220926-rwaxdacccl
MD5

8a746c543a8a6ae8ee4af431b878b70e
SHA1

4dddb2dee40bd74f8081ef65f4f0fe21d561efba
SHA256

16eb3843463270afc6d5583d41f6e3388f09c89c60b6901ae8f707366e773b04
SHA512

f4b2c015f79b2e5617493e35894712ae3a4acca3bfa5f8d4000db4a5b3f8daf17cefc9bf373b21450bf3136b146a0f6d386943acb5baca9ed791aae68fb49b08
SSDEEP

12288:jTN1KzzLVtelUwX1mylU9ZW8wjGaatphidyB4Ulvd00GjJRzzDKVtT1PiNjNGx6f:3GzzptHyJaDaatz4UlvdDqwvi9yG97K4

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.dinrack.com
Port:
587
Username:
[email protected]
Password:
Dms12345*

Targets

- Target
  
  DOCUMENT.exe
- Size
  
  870KB
- MD5
  
  7e71c7032894cb66c2ca4a012cca8601
- SHA1
  
  e8a34be78ce9d2764b9918013161f473e2235122
- SHA256
  
  02d7ea8150247699ab96e21bee73c03a4fa8c2e81ecd6091f55a3f417f1c9631
- SHA512
  
  356e851fc436c121dc57511a7d426a9392ed0a716a0a501d64119135d468a3ac8202291f83e8972b04bdcc2ac43159b7a1c5dc8e633f442f4b444831e2405720
- SSDEEP
  
  24576:Ucfof0gtR/iJuRyaDX4elZdtAcJi97jr:ZihZRPIeh8p
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan