agenttesla | e47e898923208e15cedda56de05b9896e2e3df46628a74692d91484ab4fcefcd | Triage

Sharing

General

Target

THE NEW ORDER FOR FU#F211213-016(OR22078).exe
Size

472KB
Sample

221204-me9l6aad72
MD5

bc19430f73ce7c06468bb450f99203f2
SHA1

1abfeb24edd346228e56ef94bf5241f2a39b8a4f
SHA256

e47e898923208e15cedda56de05b9896e2e3df46628a74692d91484ab4fcefcd
SHA512

0e75ee453b1bda764817ad97d2f5ec3ff9c8d20a11cded85c5033b34af94f980db251cd163cf7b22a2cca2583545fa41061420f26c280ea303d0e0e44666b7b3
SSDEEP

12288:B4BEjMyXlpQhl+CbZSt0iZV76/L9gaTAri0KvHbxnq:+GjMy+TZgLWZhgi9tn

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/

Targets

- Target
  
  THE NEW ORDER FOR FU#F211213-016(OR22078).exe
- Size
  
  472KB
- MD5
  
  bc19430f73ce7c06468bb450f99203f2
- SHA1
  
  1abfeb24edd346228e56ef94bf5241f2a39b8a4f
- SHA256
  
  e47e898923208e15cedda56de05b9896e2e3df46628a74692d91484ab4fcefcd
- SHA512
  
  0e75ee453b1bda764817ad97d2f5ec3ff9c8d20a11cded85c5033b34af94f980db251cd163cf7b22a2cca2583545fa41061420f26c280ea303d0e0e44666b7b3
- SSDEEP
  
  12288:B4BEjMyXlpQhl+CbZSt0iZV76/L9gaTAri0KvHbxnq:+GjMy+TZgLWZhgi9tn
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan