agenttesla | f8e7f0e3223a54f9fbf08ec5aac0f3e5b6cc5da043811c8c4c28d463936cc143 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.PWS.Siggen3.23270.5296.14967.exe
Size

239KB
Sample

221014-3svcdsegf6
MD5

6c53c9be37454d1bfbcfc09c33bef1f9
SHA1

8981206d44790b3129e042599e1dc2b92c420a11
SHA256

f8e7f0e3223a54f9fbf08ec5aac0f3e5b6cc5da043811c8c4c28d463936cc143
SHA512

301c4f5dadf0d63c6f7fef3f85716066b2641641e449e81241cddaf1b74a2186373198cd8def0ec5debd146cbb3f09f96881f7d249a90ddc7931dbe3b30cff55
SSDEEP

6144:wjQ7oTIsdOSgi92v4NrUKEboxttjNb6+6NKUkTz5R9JJ:PYIyOMFNrrJV6Nkz5f

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5349655878:AAGnMhpzchQYN5RbZ88-w3gvA1SNsxWo7ts/

Targets

- Target
  
  SecuriteInfo.com.Trojan.PWS.Siggen3.23270.5296.14967.exe
- Size
  
  239KB
- MD5
  
  6c53c9be37454d1bfbcfc09c33bef1f9
- SHA1
  
  8981206d44790b3129e042599e1dc2b92c420a11
- SHA256
  
  f8e7f0e3223a54f9fbf08ec5aac0f3e5b6cc5da043811c8c4c28d463936cc143
- SHA512
  
  301c4f5dadf0d63c6f7fef3f85716066b2641641e449e81241cddaf1b74a2186373198cd8def0ec5debd146cbb3f09f96881f7d249a90ddc7931dbe3b30cff55
- SSDEEP
  
  6144:wjQ7oTIsdOSgi92v4NrUKEboxttjNb6+6NKUkTz5R9JJ:PYIyOMFNrrJV6Nkz5f
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan