agenttesla | 559e053e4acfbcb073e2f2614d733a4ef73f778147a2c58f881a46a8bd3a88f8 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.DownloaderNET.345.21610.20158.exe
Size

858KB
Sample

221207-rxexqafb82
MD5

60c2ecb44642d9e51cd4b17b82358cb8
SHA1

8915a7b1bc4e9a0795877f1a1063dc9cdfb00f9e
SHA256

559e053e4acfbcb073e2f2614d733a4ef73f778147a2c58f881a46a8bd3a88f8
SHA512

cc0e3229b870faf6c25af7bebf545dbddebe2669db9eaefc74adb3569d041d54ff531cf903c721e8653de200bbbcc924b701c215fb2ae78b9a136d390d7c4b56
SSDEEP

24576:TIxSFvbutP/Sj6JPlNLa6qvekLoKVA43tEY0gRqs:s6j6JPllaFveCo4A43tZlc

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.leonardfood.com
Port:
587
Username:
[email protected]
Password:
K@rimi95

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.leonardfood.com
Port:
587
Username:
[email protected]
Password:
K@rimi95
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownloaderNET.345.21610.20158.exe
- Size
  
  858KB
- MD5
  
  60c2ecb44642d9e51cd4b17b82358cb8
- SHA1
  
  8915a7b1bc4e9a0795877f1a1063dc9cdfb00f9e
- SHA256
  
  559e053e4acfbcb073e2f2614d733a4ef73f778147a2c58f881a46a8bd3a88f8
- SHA512
  
  cc0e3229b870faf6c25af7bebf545dbddebe2669db9eaefc74adb3569d041d54ff531cf903c721e8653de200bbbcc924b701c215fb2ae78b9a136d390d7c4b56
- SSDEEP
  
  24576:TIxSFvbutP/Sj6JPlNLa6qvekLoKVA43tEY0gRqs:s6j6JPllaFveCo4A43tZlc
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan