agenttesla | c1b9ddd584078ecf7375239eecc419c3ebcf441c71db62b8e559b88613861026 | Triage

Sharing

General

Target

83c261ea71476210fa5f69e1e306a0ed.exe
Size

706KB
Sample

230130-mz5hyabg3t
MD5

83c261ea71476210fa5f69e1e306a0ed
SHA1

57e3b8222a66615cc211555f8cdc1b95fc4964ce
SHA256

c1b9ddd584078ecf7375239eecc419c3ebcf441c71db62b8e559b88613861026
SHA512

cf36d08381582e2ce6c80be7f36ec9e5f84cfd5b99db4058a2089add30584cfc0c4ede27071f7e994d2742ed513cd8a1705a88d573c3cae8f82f2b6f31710525
SSDEEP

12288:YG9/FJMVTEkYR5wpZp+E4auuWw1hWeh3ih9HlA:YI/Fq8zQWELWwBYTu

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5672966801:AAGkdauVLuRijg4BBwGbZ-5sO2ggBTSZUHE/

Targets

- Target
  
  83c261ea71476210fa5f69e1e306a0ed.exe
- Size
  
  706KB
- MD5
  
  83c261ea71476210fa5f69e1e306a0ed
- SHA1
  
  57e3b8222a66615cc211555f8cdc1b95fc4964ce
- SHA256
  
  c1b9ddd584078ecf7375239eecc419c3ebcf441c71db62b8e559b88613861026
- SHA512
  
  cf36d08381582e2ce6c80be7f36ec9e5f84cfd5b99db4058a2089add30584cfc0c4ede27071f7e994d2742ed513cd8a1705a88d573c3cae8f82f2b6f31710525
- SSDEEP
  
  12288:YG9/FJMVTEkYR5wpZp+E4auuWw1hWeh3ih9HlA:YI/Fq8zQWELWwBYTu
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan