agenttesla | 32bd5e6ae241a016f718e4ae16a189b40d3eb72c497eedd03a44299e5654644a | Triage

Sharing

General

Target

INV and NOA.zip
Size

554KB
Sample

221129-qmsv6acf99
MD5

399bcd9907d175a2dbb89d342889e4a0
SHA1

54fb8123ba427afeeb60630bddbc93ae4894f208
SHA256

32bd5e6ae241a016f718e4ae16a189b40d3eb72c497eedd03a44299e5654644a
SHA512

35555efff3b013f46052954058f86e5cede52990b07ecedc594df14c8bcdd1113c947f48085f44b006555c4e59c02d51684b5e13205156ca45b505efca98b71e
SSDEEP

12288:D3zi+iJJc+XiOXrq7gRCIi97ZagoxSuhnlYaAEtCucH8r0Yv9Oledq:DBinc+XiOXrqwkcLH9AACucHkqleY

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.southernboilers.org
Port:
587
Username:
info@southernboilers.org
Password:
Sksmoke2018#
Email To:
obtxxxtf@gmail.com

Targets

- Target
  
  INV and NOA.exe
- Size
  
  668KB
- MD5
  
  9efabcfe6bfbfa5dda90ad4dc5894040
- SHA1
  
  07c7cdac9aa0658d374331c4b35a9d0190eadbee
- SHA256
  
  05472a071f902b974d4ce0d2e605058580f86ab1ad7b6c201c6f9b38608c9b4d
- SHA512
  
  bae5eb2fb1dcb683ccab5b4c5f6857ffe300b1719378050e5aab1f97e0c748dbbb5abe91b32cbe8aea3615069f0903a376310ad68ad4ad60d80f1933100e0855
- SSDEEP
  
  12288:wFkzrbETClCHskFgFwIyXCDP0SLZigmxSuhnlYiAEt+Ccf8r2Yt93cr:Z76CIskFgqIyXyLOLHbAA+Ccfkg
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2