agenttesla | 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9 | Triage

Sharing

General

Target

512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
Size

1.1MB
Sample

221208-camxgsbf9z
MD5

1390949b5e724b10db6b15b9b564510c
SHA1

f39222bfc33e3b726c950c923180b2257b58acd4
SHA256

512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
SHA512

65aff732ed49107091794d512055e93cc8b1d59a3f09ece5db41e47bc372f9e11234ea02d890906615ecd3cc6c334e2160d602c997b5c377dbb44694082cfc0a
SSDEEP

12288:tsuAo+41hw4e/ehLrzXz8nmkAk6zcpB4+B/RjMWp+aC203fjrDq0DeJZB0BeumF:WL4LJzOmFk71Xjozn37rDqr2Qum2d4

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bohotels.hu
Port:
587
Username:
director@bo18hotel.hu
Password:
v4Jdahdirect
Email To:
confirmed77@asia.com

Targets

- Target
  
  512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
- Size
  
  1.1MB
- MD5
  
  1390949b5e724b10db6b15b9b564510c
- SHA1
  
  f39222bfc33e3b726c950c923180b2257b58acd4
- SHA256
  
  512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
- SHA512
  
  65aff732ed49107091794d512055e93cc8b1d59a3f09ece5db41e47bc372f9e11234ea02d890906615ecd3cc6c334e2160d602c997b5c377dbb44694082cfc0a
- SSDEEP
  
  12288:tsuAo+41hw4e/ehLrzXz8nmkAk6zcpB4+B/RjMWp+aC203fjrDq0DeJZB0BeumF:WL4LJzOmFk71Xjozn37rDqr2Qum2d4
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan