agenttesla | 4189c6d0a3e9df2b499fcb406392cedd451f741da89f831c74a1a7ce0db25169 | Triage

Sharing

General

Target

RE Shipment Docs.zip
Size

593KB
Sample

221002-np1mnsegap
MD5

b17cbcc53e0dfeac329602984422c25c
SHA1

fd18e14b857d39c5574192f60e1b6c55f8c48080
SHA256

4189c6d0a3e9df2b499fcb406392cedd451f741da89f831c74a1a7ce0db25169
SHA512

4220e8e6526235a204024505e189ca76064c66eb0875a7627a098a3fd5f6475282d022115144c532dbb46f2cf302ec19f6091f2329926728e322602f3f8248b6
SSDEEP

12288:cfOD9rVWmTvE9YBytbU3TFf0UQC9+1LbAtMqU0IM0mx7PGGSlq7+I9p:bd/MA+YDFf0UQC9+RbAj3IM0YLmg6I9p

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.eserkaynak.com.tr
Port:
587
Username:
muharrem@eserkaynak.com.tr
Password:
063277+-

Targets

- Target
  
  boni.exe
- Size
  
  919KB
- MD5
  
  76f92fb8a9fe431d2521d9c4737a79e6
- SHA1
  
  f5fce0be88159c0bfb97abf0bedee0bcf2499a50
- SHA256
  
  89c6767c25e53fc20151a421134f1bda69d1106a7b827bc7de00dd895d96eda7
- SHA512
  
  00847f5c678eaa26cf6fdf98bc76f953a20bc7c6a62510f83bf46a8d8e19e079e82e5bfdf6f6e7187ef23272f621195694a50e1dba642218d919fa53b4a0d7aa
- SSDEEP
  
  12288://2iq2iN7A4S5sVUJ8BytbkZTFpcUQC9+1LfAtMqqejvqjJ5n41r2R2y+kGelsxC:Wiq1rsBc+AlFpcUQC9+RfAjDjCjr5
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan