agenttesla | 70958dc6350eb915075f117736f0da1972eed1b84d8ead53b21681736cd8a595 | Triage

Sharing

General

Target

INVOICE.zip
Size

542KB
Sample

221002-npe1zadce5
MD5

962a05ea3c4e9f39498bba4f19721bd5
SHA1

9385b55666422837179837b29503ccfd6d26455d
SHA256

70958dc6350eb915075f117736f0da1972eed1b84d8ead53b21681736cd8a595
SHA512

d295274ed1799d8e9e4a1dc8020e77bbfd512d5d7c6ae85e66ec98be722daf154278a34557c0e4dd5e2fc6e9792a589af74b32bdf686100a5e4123f46321feb8
SSDEEP

12288:iFMYbcEF1Owk8+CNZrBsmq3JbpO7UfTq/wkZu7g/xyakM5nL:zYbcg3iCzC3vO7UbStu7s4akmL

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/

Targets

- Target
  
  INVOICE.exe
- Size
  
  796KB
- MD5
  
  201b7a345545cb2cc3342793c126aa41
- SHA1
  
  4d1843c7a4a13758a904df9d0d094d10ee926c2e
- SHA256
  
  93323042c6db7f7e6a25b786f78e6be3c57f6d2b7d4d18394497f366bd5c2785
- SHA512
  
  7e1f1f14ad52955d5bfe63be3707bfe25a1edd75b4a9f8944333a02edb4aa62d3e04d1d810961c70d027aab1d92da8c4e4b95b853b3502f6ea11bf43855fa7d4
- SSDEEP
  
  12288:6xII2iN/a+gNXrfomo7VZpOvU9JqJwYFuEADqjJ5n3:e1bgVq7xOvU7CjuOjr3
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan