agenttesla | 8fe565d0d9814b5e6430d3799676b1a3b5c24e64bde8a1f7f832aef1f86946e7 | Triage

Sharing

General

Target

URGENT REQUEST.zip
Size

542KB
Sample

221002-npe1zadce4
MD5

c74ed9c929e8d1f257ac4c7f72bd7ae4
SHA1

2163aeb830524aee6be12083a998f0f0682a39fa
SHA256

8fe565d0d9814b5e6430d3799676b1a3b5c24e64bde8a1f7f832aef1f86946e7
SHA512

a4c74f6ad4512ae000d75e7753e267bbd0c312e050d0e6293814bf8531120998a4897ec0ee41bf6c509e077ee00996feb4407d1170f728efa864e7cb9fdde369
SSDEEP

12288:mFMYbcEF1Owk8+CNZrBsmq3JbpO7UfTq/wkZu7g/xyakM5nf:3Ybcg3iCzC3vO7UbStu7s4akmf

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/

Targets

- Target
  
  URGENT REQUEST.exe
- Size
  
  796KB
- MD5
  
  201b7a345545cb2cc3342793c126aa41
- SHA1
  
  4d1843c7a4a13758a904df9d0d094d10ee926c2e
- SHA256
  
  93323042c6db7f7e6a25b786f78e6be3c57f6d2b7d4d18394497f366bd5c2785
- SHA512
  
  7e1f1f14ad52955d5bfe63be3707bfe25a1edd75b4a9f8944333a02edb4aa62d3e04d1d810961c70d027aab1d92da8c4e4b95b853b3502f6ea11bf43855fa7d4
- SSDEEP
  
  12288:6xII2iN/a+gNXrfomo7VZpOvU9JqJwYFuEADqjJ5n3:e1bgVq7xOvU7CjuOjr3
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan