agenttesla | 487d9f829469177c124d791f2b4769f31e6c1c1dd695b52dacefee4e2061859d | Triage

Sharing

General

Target

UPDATED SOA (2).zip
Size

367KB
Sample

221126-lqhgdabf4v
MD5

87b096e6eed114266570138e11cabd40
SHA1

a749a72e8f3782a14028a8260cc3a546fba4921f
SHA256

487d9f829469177c124d791f2b4769f31e6c1c1dd695b52dacefee4e2061859d
SHA512

9400e37f7cfb0685abb191a0058a2b2c306758138c247825b29207f49f45e6e8f2a363c07a1224258c16cf5001f0edb2b60a2b7003796481b50bd5e771346508
SSDEEP

6144:aq0ui5+qifCUmelJQEOBIUE4QiF33Zgx4nwy5Wo4kaZL5+4+381H8W1:axH4JQTqUnQiF3J84pgou+a1cM

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.svcnc.com
Port:
587
Username:
[email protected]
Password:
Krupashine@6791
Email To:
[email protected]

Targets

- Target
  
  UPDATED SOA (2).exe
- Size
  
  482KB
- MD5
  
  74413d410ade63316e64fd13643c5472
- SHA1
  
  e799abf182ebbda566506ab24d1c3291d2b5045c
- SHA256
  
  a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d
- SHA512
  
  46278aecc22bfcb435f3463f8fccef1e9a11ee029f80f071f313033cd5c8e0f2939caba6a554797c217b7afc0f11f96e5dd6a29a72706696d848c976c31fcbcb
- SSDEEP
  
  12288:3gJKPIrufvlcmVUZ7DkosENw2xyVbzUh/e237lEXO52I4mYF+:3sKPmql7VUZ7PsECxXi2s4
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan