agenttesla | 349ae885327a3970c99cb8d98cd3413b835dd8cee52de5ee6c7bc60cfc670f90 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.22520.22219.exe
Size

840KB
Sample

221206-lkyamsed24
MD5

5f1400ca0b3144ef77b9634a989476e5
SHA1

9346b16d6e78d2904bc14875a1ab1948c988cee6
SHA256

349ae885327a3970c99cb8d98cd3413b835dd8cee52de5ee6c7bc60cfc670f90
SHA512

bd400522d96f04c41121c05aa2c998b68a50ea56797ebef22a86cc708b6c811df86361c20fddfc5879d3cca6e1c453cd74ba5b7e8b02bae3fb5bc71092bd35a5
SSDEEP

12288:VEVq7bKlSwx7IkN3NnL9ECycoyCldFkDNFB9PMA5C7g486vTgOe6uvI:7SQw+m9nBECycpCXFINFjPho98q

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dubai-lights.com
Port:
587
Username:
[email protected]
Password:
DL2@DL$lighting1&2&3
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.TrojanX-gen.22520.22219.exe
- Size
  
  840KB
- MD5
  
  5f1400ca0b3144ef77b9634a989476e5
- SHA1
  
  9346b16d6e78d2904bc14875a1ab1948c988cee6
- SHA256
  
  349ae885327a3970c99cb8d98cd3413b835dd8cee52de5ee6c7bc60cfc670f90
- SHA512
  
  bd400522d96f04c41121c05aa2c998b68a50ea56797ebef22a86cc708b6c811df86361c20fddfc5879d3cca6e1c453cd74ba5b7e8b02bae3fb5bc71092bd35a5
- SSDEEP
  
  12288:VEVq7bKlSwx7IkN3NnL9ECycoyCldFkDNFB9PMA5C7g486vTgOe6uvI:7SQw+m9nBECycpCXFINFjPho98q
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2