agenttesla | 4af278d681249a1d292e0b0eb662f20ec919f984bf1c3d3ed0cff961fe0ef887 | Triage

Sharing

General

Target

PAYMENT ADVICE.exe
Size

471KB
Sample

221205-r9atjaae65
MD5

20c4471b875e64c7943c225a359eb227
SHA1

3551c6ddbe76927927a22262af48c225a9c28d6b
SHA256

4af278d681249a1d292e0b0eb662f20ec919f984bf1c3d3ed0cff961fe0ef887
SHA512

72b2fb581a3e9efa8b9bde02507dce59a3e094fbc9d3c98701ce4ff5a37d152708a50c0b546232c073115e5e9988d9f3d7d33c1418d9fefa7c1236100d06deef
SSDEEP

12288:DcKn2SMgBEWoCruaOwVrf3iNWiPpq72IanrSy00kZlXa:DL6LmuZGf3ijBkMrSRzZRa

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/

Targets

- Target
  
  PAYMENT ADVICE.exe
- Size
  
  471KB
- MD5
  
  20c4471b875e64c7943c225a359eb227
- SHA1
  
  3551c6ddbe76927927a22262af48c225a9c28d6b
- SHA256
  
  4af278d681249a1d292e0b0eb662f20ec919f984bf1c3d3ed0cff961fe0ef887
- SHA512
  
  72b2fb581a3e9efa8b9bde02507dce59a3e094fbc9d3c98701ce4ff5a37d152708a50c0b546232c073115e5e9988d9f3d7d33c1418d9fefa7c1236100d06deef
- SSDEEP
  
  12288:DcKn2SMgBEWoCruaOwVrf3iNWiPpq72IanrSy00kZlXa:DL6LmuZGf3ijBkMrSRzZRa
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan