agenttesla | 97fcc96f5cabb14de13c297ee437dedec50fe6038e5ad2708721114a63ee594a | Triage

Sharing

General

Target

Docs.exe
Size

902KB
Sample

220930-qs7aqseehl
MD5

d63bc4ad5fcf9c970ea56abf2619f8d3
SHA1

42e7d7bf12ccdc7c132bb2c4cc26a74add7cfbac
SHA256

97fcc96f5cabb14de13c297ee437dedec50fe6038e5ad2708721114a63ee594a
SHA512

76b5e1640a608a9e07648da16cc585b941a7da2142aadce5499be8e4355b4defe2f072c9ec15bb827ea0d87536693784ef186ff31a734e4290ec0ebf2a798616
SSDEEP

12288:MQYt2iNOAmdwwCgXCRNCyqkP1wMbVTP1RdqjJ5nLmcYUMtf3eizCaMGmSZB3mOI4:yt1yNoRNCf+1w+Vb1GjrLM

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.multifastners.net
Port:
587
Username:
[email protected]
Password:
eqr3J[&x}Wv?OpZ#Aa

Targets

- Target
  
  Docs.exe
- Size
  
  902KB
- MD5
  
  d63bc4ad5fcf9c970ea56abf2619f8d3
- SHA1
  
  42e7d7bf12ccdc7c132bb2c4cc26a74add7cfbac
- SHA256
  
  97fcc96f5cabb14de13c297ee437dedec50fe6038e5ad2708721114a63ee594a
- SHA512
  
  76b5e1640a608a9e07648da16cc585b941a7da2142aadce5499be8e4355b4defe2f072c9ec15bb827ea0d87536693784ef186ff31a734e4290ec0ebf2a798616
- SSDEEP
  
  12288:MQYt2iNOAmdwwCgXCRNCyqkP1wMbVTP1RdqjJ5nLmcYUMtf3eizCaMGmSZB3mOI4:yt1yNoRNCf+1w+Vb1GjrLM
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan