agenttesla | b300c07b893cb96c124ffb028d36e8284425502c3d079affe53fede663913fbe | Triage

Sharing

General

Target

SOA.zip
Size

503KB
Sample

220930-r5ab7sdhb8
MD5

120ce58655a09192da3d759cef83451a
SHA1

b2f76635d536ddad7e8e437129e17668598f7df1
SHA256

b300c07b893cb96c124ffb028d36e8284425502c3d079affe53fede663913fbe
SHA512

11d4d81bd6891b9955b09fa0ccd8c48b6cca73197a14d8d0ee66650288a7fdffc652f884b756f954755c224da3e9e2fff655454d5660b5cbf1a3b5b5023bd1f3
SSDEEP

12288:3yQ6KTNziPWX4idSq/zniC6opBAv+zH96hry8th4wiH659TqKWrrU4:3nXziW5z/ziQp8IH96hry8H66vqKW/

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/

Targets

- Target
  
  SOA.exe
- Size
  
  755KB
- MD5
  
  f38b4a25807e902e044ec404d40ac51d
- SHA1
  
  c741b10d60d9e7fcd92b2eaf1307c2b2a93e49a2
- SHA256
  
  97402389904e8f2dce21eb51b5d80f9c45bfff592e7e6795703ebdb16f6740cc
- SHA512
  
  51925e659522673edb268017282302229f7fef0191c43c7c012ae27a9932b565eb6e9822f1eb5734a3a32dd69907f0f0c72c514b2a18131fc5612e88be9d027b
- SSDEEP
  
  12288:62xrADqjJ5nqCSojB2v+zV9cvrs8fP6mU36R950+9MK:Pjrqaj2IV9cvrs8Xq6Ze
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan