agenttesla | 1ea31d04175fb842e43adb57eadd01486fbad17841f83d5eff065b67baeb4d69 | Triage

Sharing

General

Target

Overdue_account letter.exe
Size

958KB
Sample

221127-h497rsch6s
MD5

40c43a758689271d72709958de73a4cc
SHA1

9fb2af9270987df6a8e974eb745f9a01022c3453
SHA256

1ea31d04175fb842e43adb57eadd01486fbad17841f83d5eff065b67baeb4d69
SHA512

a47e491d4eda64ddedf8d533aea1097fe43b85927074598ee74fb59faa48968e44d7c2f58057375850710389da2a0bcac9eab6a248172a5dcdcc99b7c87d5bf4
SSDEEP

24576:NoU376CMskFgqIyXXkH5MF1FI86jiT17MTsM3ya2veHe:NpPkVXX65cr6jiT1ha2veHe

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5495243543:AAG3XPeGW7yqfXF6_EXjGSfO9SWHJTpqVsU/

Targets

- Target
  
  Overdue_account letter.exe
- Size
  
  958KB
- MD5
  
  40c43a758689271d72709958de73a4cc
- SHA1
  
  9fb2af9270987df6a8e974eb745f9a01022c3453
- SHA256
  
  1ea31d04175fb842e43adb57eadd01486fbad17841f83d5eff065b67baeb4d69
- SHA512
  
  a47e491d4eda64ddedf8d533aea1097fe43b85927074598ee74fb59faa48968e44d7c2f58057375850710389da2a0bcac9eab6a248172a5dcdcc99b7c87d5bf4
- SSDEEP
  
  24576:NoU376CMskFgqIyXXkH5MF1FI86jiT17MTsM3ya2veHe:NpPkVXX65cr6jiT1ha2veHe
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2