agenttesla | 7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3 | Triage

Sharing

General

Target

PO#4802567411.exe
Size

580KB
Sample

221003-p32ybsgbhn
MD5

f9e0af58ea534e3e64ee225824abd7e8
SHA1

11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c
SHA256

7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
SHA512

5dc831f1987607209eafac1038185b7bad004edc0938342ef544cdbf7668b22593d8c738858bd6c0fa41bcbe5b0ec2c4574d6979809d86875200c3aa8daf1473
SSDEEP

6144:D//V6dz5TntnRk4cneuBW1+LTmj4cwF3OnCqX2e0G+u1Pb5upJi9qC3oqQkTm:D/d6d1TtnXSvmj4jBqX2KFBbaVCA8m

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
andreasconstant@yandex.com
Password:
DreamChaser101

Targets

- Target
  
  PO#4802567411.exe
- Size
  
  580KB
- MD5
  
  f9e0af58ea534e3e64ee225824abd7e8
- SHA1
  
  11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c
- SHA256
  
  7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
- SHA512
  
  5dc831f1987607209eafac1038185b7bad004edc0938342ef544cdbf7668b22593d8c738858bd6c0fa41bcbe5b0ec2c4574d6979809d86875200c3aa8daf1473
- SSDEEP
  
  6144:D//V6dz5TntnRk4cneuBW1+LTmj4cwF3OnCqX2e0G+u1Pb5upJi9qC3oqQkTm:D/d6d1TtnXSvmj4jBqX2KFBbaVCA8m
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan