agenttesla | b1a091b1d18979b9b48d2f1c481c0b61a811422d5c79df0ceb79322755c198d4 | Triage

Sharing

General

Target

SHIPMENT DOCUMENT.zip
Size

526KB
Sample

220930-q5s9msefbn
MD5

a7e568477b141132d7dfeb9ea6392b98
SHA1

fd017111e1ac612558b075ca3c32835793e885f2
SHA256

b1a091b1d18979b9b48d2f1c481c0b61a811422d5c79df0ceb79322755c198d4
SHA512

8f494052ece95508d12b5dde3231f945cae363aa88bcf51a6ce77b069d9ba230d82aded580e51607fa93ea1ac23fcb41f602b944371cb359d75819c5a199bba7
SSDEEP

12288:rQuALOV8XMF1IhdWOigEAs5UA5mnp+1UbyhIqvfNeNSW:rQZLO4BhdlWh5L5aIQILvV0

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/

Targets

- Target
  
  SHIPMENT DOCUMENT.exe
- Size
  
  848KB
- MD5
  
  75116e224789066aeb6c83cbce17310a
- SHA1
  
  81b07f3125c34912405144bbcf3f751c334d35da
- SHA256
  
  bc3ecc8f2b20fb6d4bcf4ef92565c58c19040f5309e5cadbaa474344b7161f21
- SHA512
  
  d6bdab45a90ab60f67fdf9937dd01802d5207eb1192efc95046aae680be6a1aff496d2287ae1f4c0768ef73f364534850d5a249bda6834475c85deabd616ab62
- SSDEEP
  
  12288:r7bEXVFExN3AXkVB2hFWoiawAspUytmnP+zUj/woqjJ5nAp0:3bIVFxFhFTChpXtaGgmjrt
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan