agenttesla | ef1a24d2f0c00529f3bd19d4fbc899e274e585af0c7de02f40b57eae4d5a8062 | Triage

Sharing

General

Target

Order No. I20220052.zip
Size

503KB
Sample

220930-r3514aegck
MD5

8ccc10089ebece4985b51cbfe5437537
SHA1

8b6237481918533f70558199acf268641c878c90
SHA256

ef1a24d2f0c00529f3bd19d4fbc899e274e585af0c7de02f40b57eae4d5a8062
SHA512

d080af8044a819f53030ecd6fe3f113b171b15ef5592379dc90367abb29d0cedb09b694089ab307ceb9111d9bbb26c8a7472a81a60b9884e812b540ffcb9b4b5
SSDEEP

12288:7yQ6KTNziPWX4idSq/zniC6opBAv+zH96hry8th4wiH659TqKWrrUQ:7nXziW5z/ziQp8IH96hry8H66vqKWj

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/

Targets

- Target
  
  Order No. I20220052.exe
- Size
  
  755KB
- MD5
  
  f38b4a25807e902e044ec404d40ac51d
- SHA1
  
  c741b10d60d9e7fcd92b2eaf1307c2b2a93e49a2
- SHA256
  
  97402389904e8f2dce21eb51b5d80f9c45bfff592e7e6795703ebdb16f6740cc
- SHA512
  
  51925e659522673edb268017282302229f7fef0191c43c7c012ae27a9932b565eb6e9822f1eb5734a3a32dd69907f0f0c72c514b2a18131fc5612e88be9d027b
- SSDEEP
  
  12288:62xrADqjJ5nqCSojB2v+zV9cvrs8fP6mU36R950+9MK:Pjrqaj2IV9cvrs8Xq6Ze
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan