agenttesla | d62b7e6e366b8017f943305ff0fe0ee8b72d0bc9c702fed753df64fee3350c90 | Triage

Sharing

General

Target

PO#4802567411.7z
Size

239KB
Sample

221003-p32ybsgbhm
MD5

3bf2031129706d94954be0661fb42077
SHA1

610dfd75d51c49d04a0add7a050657973cdb4613
SHA256

d62b7e6e366b8017f943305ff0fe0ee8b72d0bc9c702fed753df64fee3350c90
SHA512

114ade2dbf1c63bc21b9ed79a59305fc65ac6d44b36bcc9eb9360c563801d3eda36c657afa4fe71e53eab4fd50e32b86d5a1c7ee69ab50cf25f75839c07a1f7e
SSDEEP

6144:4edsWth8KIe5HMmpdUJjVV/yNXSxTI64VMI8NuC2/:4edsWrUkdK5/y4FIfqI8q/

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
andreasconstant@yandex.com
Password:
DreamChaser101

Targets

- Target
  
  PO#4802567411.exe
- Size
  
  580KB
- MD5
  
  f9e0af58ea534e3e64ee225824abd7e8
- SHA1
  
  11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c
- SHA256
  
  7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
- SHA512
  
  5dc831f1987607209eafac1038185b7bad004edc0938342ef544cdbf7668b22593d8c738858bd6c0fa41bcbe5b0ec2c4574d6979809d86875200c3aa8daf1473
- SSDEEP
  
  6144:D//V6dz5TntnRk4cneuBW1+LTmj4cwF3OnCqX2e0G+u1Pb5upJi9qC3oqQkTm:D/d6d1TtnXSvmj4jBqX2KFBbaVCA8m
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan