agenttesla | 80e81c6340d42db32204bad83edebd1a2810d469e924761fc4602e62b5721668 | Triage

Sharing

General

Target

S O A EUR 106902.50.zip
Size

610KB
Sample

220930-t9dljafahk
MD5

b9d2e630b122f6d854d678e63e0ea03a
SHA1

7d94210e325659dfd17fea0425f03a90d85fe778
SHA256

80e81c6340d42db32204bad83edebd1a2810d469e924761fc4602e62b5721668
SHA512

5143989825538fd7d54e1d2aa6aceb8c6473866103931a9672d5d91c12d1aa56a1e362bb83998d6ac35668bf463cbf3ac6c5e765a6cdb36a1e6f4337b73dc464
SSDEEP

12288:P3zV2iNjWyaUpHNfqxuLnFtMTCVF9VEJDEULmE2yLw6omS06:P3B1dW9U2xuLFtXJEJNzOvd

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.dinrack.com
Port:
587
Username:
[email protected]
Password:
Dms12345*

Targets

- Target
  
  S O A EUR 106902.50.exe
- Size
  
  1.0MB
- MD5
  
  d2f3d419a057ee5d710a920c8c895b55
- SHA1
  
  7abc9867da84b0285aa7ad36e3a21c62f26366b6
- SHA256
  
  e4cd44ae818b92b18aedaec38f04f96b01e134ddfe70d3a659b1c8ab68910465
- SHA512
  
  f94b52ba9f6e407465c9f53eea23d3f16d6fd1afe57e0a94f53c51193870acdd4393af48c5e432c6e9e614dfb1bc3f4a6ef801f131ec958216de862daf87ab44
- SSDEEP
  
  12288:Rf9Y2iNw0+9MKdADqjJ5nh9KTCDP7VqlDMU5eUdmmXS6uP4XFevDf9NcAFsaxe:RfG1IeAjrh9fJqlUj
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan