agenttesla | 112fea8779d66870df2bfe7d46f60f8e6f3c0f768a8076f9494404df0d2e88ed | Triage

Sharing

General

Target

payment receipt.exe
Size

899KB
Sample

221208-rt3vdadc2x
MD5

ef2ce2f68f0c5562a64bd3139d81a62f
SHA1

248f3b30bb878a7608d1da009ae686b2e805562b
SHA256

112fea8779d66870df2bfe7d46f60f8e6f3c0f768a8076f9494404df0d2e88ed
SHA512

bdef4affde1cfc29055fbf1ea8d7b98832cbd0086693913eaf38f875a7d9969635c0edd05df18598edcadf2da0d911980f5c412622e8b76625114226f1923c10
SSDEEP

12288:goQgKZ/nXt7virmWhlGLaQYIRx/9/YAoDotxyo5iTz6wRhEq2jHrM393T7Qsm447:c/NYAHP5iTzOE3t32ia

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
work-toolz.click
Port:
587
Username:
[email protected]
Password:
3HLkst~=QzD3

Targets

- Target
  
  payment receipt.exe
- Size
  
  899KB
- MD5
  
  ef2ce2f68f0c5562a64bd3139d81a62f
- SHA1
  
  248f3b30bb878a7608d1da009ae686b2e805562b
- SHA256
  
  112fea8779d66870df2bfe7d46f60f8e6f3c0f768a8076f9494404df0d2e88ed
- SHA512
  
  bdef4affde1cfc29055fbf1ea8d7b98832cbd0086693913eaf38f875a7d9969635c0edd05df18598edcadf2da0d911980f5c412622e8b76625114226f1923c10
- SSDEEP
  
  12288:goQgKZ/nXt7virmWhlGLaQYIRx/9/YAoDotxyo5iTz6wRhEq2jHrM393T7Qsm447:c/NYAHP5iTzOE3t32ia
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2