agenttesla | 181232a9e88c12ab1b1ec7228c1a9f4703b44017fac6934a142361e37985ff15 | Triage

Sharing

General

Target

comprobante.pdf.exe
Size

42KB
Sample

230203-gv6ybabg53
MD5

37dffb8fc4927092f3e166aee2afa828
SHA1

13f38874c91e6186afdb694c896cf029d3875824
SHA256

181232a9e88c12ab1b1ec7228c1a9f4703b44017fac6934a142361e37985ff15
SHA512

ada8050509e45d104fb5414bc3970655701bbe85212aea01086cd95d6a127234ef0eab26c0891280586b72fc66fc9095b7ad33f988fc6f78d8acaa6032187e07
SSDEEP

768:hev5NGja1TxGIP+tZS+XZg/0kt+Hrqt5RYVMcORgU24vSyiRj:MNG21T4IP+tZPX2MM+LqtfY9ORGhyi5

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.sisoempresarialsas.com
Port:
21
Username:
[email protected]
Password:
.!LV?]FKWxUy

Targets

- Target
  
  comprobante.pdf.exe
- Size
  
  42KB
- MD5
  
  37dffb8fc4927092f3e166aee2afa828
- SHA1
  
  13f38874c91e6186afdb694c896cf029d3875824
- SHA256
  
  181232a9e88c12ab1b1ec7228c1a9f4703b44017fac6934a142361e37985ff15
- SHA512
  
  ada8050509e45d104fb5414bc3970655701bbe85212aea01086cd95d6a127234ef0eab26c0891280586b72fc66fc9095b7ad33f988fc6f78d8acaa6032187e07
- SSDEEP
  
  768:hev5NGja1TxGIP+tZS+XZg/0kt+Hrqt5RYVMcORgU24vSyiRj:MNG21T4IP+tZPX2MM+LqtfY9ORGhyi5
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan