agenttesla | 19505f6bdcb079c656821792ee63096814b5d567a68eea1c1192edc7a1925279 | Triage

Sharing

General

Target

SOA US$109,907.exe
Size

952KB
Sample

221204-mfdacaad77
MD5

a08dcd776ba1f20e041fc4bdeabc28f2
SHA1

645e8cda5d793de5181f8585290588f0b5335879
SHA256

19505f6bdcb079c656821792ee63096814b5d567a68eea1c1192edc7a1925279
SHA512

b5aabf447a279da46fcc06f663c02657162275fe730e1b3f111bef10ea1e0b22d20e476a9296b176ffa61920d4d38b2d71a1c86d8fb381e29b8096a49e43d735
SSDEEP

24576:khMnTV1PBPq3ILjQyvtCw4RxeuhgXTWSCsXXt1NkB:kmTV1PBPq4LjQQF+B

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/

Targets

- Target
  
  SOA US$109,907.exe
- Size
  
  952KB
- MD5
  
  a08dcd776ba1f20e041fc4bdeabc28f2
- SHA1
  
  645e8cda5d793de5181f8585290588f0b5335879
- SHA256
  
  19505f6bdcb079c656821792ee63096814b5d567a68eea1c1192edc7a1925279
- SHA512
  
  b5aabf447a279da46fcc06f663c02657162275fe730e1b3f111bef10ea1e0b22d20e476a9296b176ffa61920d4d38b2d71a1c86d8fb381e29b8096a49e43d735
- SSDEEP
  
  24576:khMnTV1PBPq3ILjQyvtCw4RxeuhgXTWSCsXXt1NkB:kmTV1PBPq4LjQQF+B
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan