agenttesla | a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d | Triage

Sharing

General

Target

UPDATED SOA (2).exe
Size

482KB
Sample

221125-x4xzrshh34
MD5

74413d410ade63316e64fd13643c5472
SHA1

e799abf182ebbda566506ab24d1c3291d2b5045c
SHA256

a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d
SHA512

46278aecc22bfcb435f3463f8fccef1e9a11ee029f80f071f313033cd5c8e0f2939caba6a554797c217b7afc0f11f96e5dd6a29a72706696d848c976c31fcbcb
SSDEEP

12288:3gJKPIrufvlcmVUZ7DkosENw2xyVbzUh/e237lEXO52I4mYF+:3sKPmql7VUZ7PsECxXi2s4

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.svcnc.com
Port:
587
Username:
[email protected]
Password:
Krupashine@6791
Email To:
[email protected]

Targets

- Target
  
  UPDATED SOA (2).exe
- Size
  
  482KB
- MD5
  
  74413d410ade63316e64fd13643c5472
- SHA1
  
  e799abf182ebbda566506ab24d1c3291d2b5045c
- SHA256
  
  a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d
- SHA512
  
  46278aecc22bfcb435f3463f8fccef1e9a11ee029f80f071f313033cd5c8e0f2939caba6a554797c217b7afc0f11f96e5dd6a29a72706696d848c976c31fcbcb
- SSDEEP
  
  12288:3gJKPIrufvlcmVUZ7DkosENw2xyVbzUh/e237lEXO52I4mYF+:3sKPmql7VUZ7PsECxXi2s4
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2