agenttesla | 626b38eceda55688275aec055e69b4cfbf2853b6e3d32e7ad0dfee6f1873fc02 | Triage

Sharing

General

Target

626b38eceda55688275aec055e69b4cfbf2853b6e3d32e7ad0dfee6f1873fc02
Size

956KB
Sample

221208-jtcdescc8s
MD5

69be1ecad83bd419977aefd1e8777332
SHA1

7d6e37043d3bbe0a2b1099ab22bc58e2628ad2b8
SHA256

626b38eceda55688275aec055e69b4cfbf2853b6e3d32e7ad0dfee6f1873fc02
SHA512

e61df9fed3c55b1242890b9f5457f085eaf11e229e8fa54aa7af2179dbf242e61e7e5b5e235cd4907e7791daf7a789f0d408f910fb7265e5f71b10dfb26f5b4d
SSDEEP

12288:b28yFT7GPtdUAG/mZoIms2jIEIX1uXnbT9LfeUi0wHv9gpY+ZmBjHUk+qjK3o3:q8MTql9GoWs2jICdfeUU9AhZmBHE

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server323.web-hosting.com
Port:
587
Username:
admin@transcooldv.com
Password:
turkey@123
Email To:
owen@transcooldv.com

Targets

- Target
  
  626b38eceda55688275aec055e69b4cfbf2853b6e3d32e7ad0dfee6f1873fc02
- Size
  
  956KB
- MD5
  
  69be1ecad83bd419977aefd1e8777332
- SHA1
  
  7d6e37043d3bbe0a2b1099ab22bc58e2628ad2b8
- SHA256
  
  626b38eceda55688275aec055e69b4cfbf2853b6e3d32e7ad0dfee6f1873fc02
- SHA512
  
  e61df9fed3c55b1242890b9f5457f085eaf11e229e8fa54aa7af2179dbf242e61e7e5b5e235cd4907e7791daf7a789f0d408f910fb7265e5f71b10dfb26f5b4d
- SSDEEP
  
  12288:b28yFT7GPtdUAG/mZoIms2jIEIX1uXnbT9LfeUi0wHv9gpY+ZmBjHUk+qjK3o3:q8MTql9GoWs2jICdfeUU9AhZmBHE
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan