agenttesla | b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686 | Triage

Sharing

General

Target

SHIPPING DOC.exe
Size

478KB
Sample

221128-jxk5qsge72
MD5

2a2c37b0186b83c12b975807546da3fb
SHA1

a0eef6a6122dab1d2c0e24c2d39edf0eb9999b05
SHA256

b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686
SHA512

d3fc6a7422abc8473a7b637034d3bd873008d15de83866043180047e2fda764083cb747a279e44ecca37867442e07ac853c8d1b2466c6497290eee751951361b
SSDEEP

12288:qwpYDXo4z1SRFedmp4JgoIkfoqbalNgp:qww4U1SRFr4ao9Aqbaly

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.elec-qatar.com
Port:
587
Username:
[email protected]
Password:
MHabrar2019@#
Email To:
[email protected]

Targets

- Target
  
  SHIPPING DOC.exe
- Size
  
  478KB
- MD5
  
  2a2c37b0186b83c12b975807546da3fb
- SHA1
  
  a0eef6a6122dab1d2c0e24c2d39edf0eb9999b05
- SHA256
  
  b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686
- SHA512
  
  d3fc6a7422abc8473a7b637034d3bd873008d15de83866043180047e2fda764083cb747a279e44ecca37867442e07ac853c8d1b2466c6497290eee751951361b
- SSDEEP
  
  12288:qwpYDXo4z1SRFedmp4JgoIkfoqbalNgp:qww4U1SRFr4ao9Aqbaly
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan