agenttesla | 9bd8700036da16657143dd7f505bb1e5f7822e2b32c9d34eaa29d673f03a1f83 | Triage

Sharing

General

Target

Urgent_order.rar
Size

785KB
Sample

221208-lar1wace2y
MD5

92c017fb77396d2030932d159cc6d89c
SHA1

d8c99b83080a2cfa1cb4ee74b2088112b72d3a21
SHA256

9bd8700036da16657143dd7f505bb1e5f7822e2b32c9d34eaa29d673f03a1f83
SHA512

888801a8f404db35b7bafacf023509d2e9ba73958eb250fff14a17ebb554de18453a5460d5c778bb7b214571ccbf1ef2a916ab1ecd1a4d23f2ce535615334656
SSDEEP

12288:EugcUypjCO56VUXPku9WMdzqJwbck7z0xYqS/Y4DFxHa3jMvvz+OR/X1jeP3xB8P:EuFxfcu9H0Wfz0eqS/nJ+OR183xB8oU

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pumaelektrik.com
Port:
587
Username:
[email protected]
Password:
cspen@#$123
Email To:
[email protected]

Targets

- Target
  
  Urgent_order.exe
- Size
  
  933KB
- MD5
  
  5f76f0b41ac9b298d26f44826b1e4a0d
- SHA1
  
  2d9d42ea7ca927b8c14f8c4165f4ee6b7dab96b3
- SHA256
  
  bc1cf6ade2e07cc46dd254933985c39647afef5408b8e55ef054f438683a5843
- SHA512
  
  20024f43345b09d60f47befa9e6a60249b93bf5ad2cbd398b7ce5bbe7f74dc7691ff19a628271aa70d9084c65f138e08aaffe473322c843bc1f9094365eea57c
- SSDEEP
  
  24576:HJlSAKI2uGpsH62Va2ABKs29wDxwg5+RY:HXSpXbB7f7e
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan