agenttesla | 1db859eb9aef5ca51d4af8d3eb0f263af3a497b3daf4dbedf1cdc6847c3213cb | Triage

Sharing

General

Target

RFQ- 19A20060.rar
Size

474KB
Sample

221125-q24wzabh93
MD5

39bafaec850d8ca204d839d8e54b0b07
SHA1

25297227104cfe5376fd3347ab8ecdabf11d488d
SHA256

1db859eb9aef5ca51d4af8d3eb0f263af3a497b3daf4dbedf1cdc6847c3213cb
SHA512

3770660f23749c239713f2c98a2c2b3c664b64d8adfa0cd39e14aa34353638415e32d6a09d0b14b2cb02b2732a359da8dde2982b3fa3bf4e388e6a188cab253f
SSDEEP

6144:kRdBlyerhZao8iWjT1cu7ONCvGXbD7hGwmvLNS5EX68KMl8J8PuhmJWkng0yMipX:QO8Zad/15OYvGXFvELxuTvcJU0yMipCW

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.svcnc.com
Port:
587
Username:
[email protected]
Password:
Krupashine@6791
Email To:
[email protected]

Targets

- Target
  
  RFQ- 19A20060.exe
- Size
  
  476KB
- MD5
  
  18bc83da8bfabb01740276062d6e014e
- SHA1
  
  2b9e4c4d82fcb91ec317ba1ea94a43c99c1a88f3
- SHA256
  
  17fad325e9717e20c930f698f08f711320a505560e239b5de9df67c62258a3bd
- SHA512
  
  718cbb37c7248661a778dfa8015e232e87cd00d6cb606e9b0ba4c0d63fcf52f493ee6bbb6d479f60c1428bf6384012cce7a81a8c3a16914114e0394f1bcd5381
- SSDEEP
  
  12288:/foXfDjiFs62c4Y40p9LqwFpFztF2+RCEUKMJ39Lavxrp:YXfDjiFKcFuwFpDQ+8HKMJpU
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan