agenttesla | e8cb54fc07335dd8c060f355cfb8df7b13ef33f6a3b7e29020be099c08228bbb | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.DownloaderNET.345.1426.23758.exe
Size

368KB
Sample

220930-s2ggsaehen
MD5

33e68a7510dcfb5bde633f26fdeca472
SHA1

e680a3fdd550eb4a6aca20b30a36e05eb45415ea
SHA256

e8cb54fc07335dd8c060f355cfb8df7b13ef33f6a3b7e29020be099c08228bbb
SHA512

736e594d7d855053cab8809228e005d0217b0010b60bb71bd5cc8d4dc1604c7703dc884d0cbb0c6f9e27cb73a6cfe2c9095c258ba4fd4a991251fe5419919fa2
SSDEEP

6144:BWanHVEMY712J9kd4hOktonWXXcd/yy1a+:nn1E5E/bhOktonWXOKy1

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownloaderNET.345.1426.23758.exe
- Size
  
  368KB
- MD5
  
  33e68a7510dcfb5bde633f26fdeca472
- SHA1
  
  e680a3fdd550eb4a6aca20b30a36e05eb45415ea
- SHA256
  
  e8cb54fc07335dd8c060f355cfb8df7b13ef33f6a3b7e29020be099c08228bbb
- SHA512
  
  736e594d7d855053cab8809228e005d0217b0010b60bb71bd5cc8d4dc1604c7703dc884d0cbb0c6f9e27cb73a6cfe2c9095c258ba4fd4a991251fe5419919fa2
- SSDEEP
  
  6144:BWanHVEMY712J9kd4hOktonWXXcd/yy1a+:nn1E5E/bhOktonWXOKy1
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan