agenttesla | 5b58cbced6c48c6e944b97bfba3ae9ff3390a66c6a581bc83ae214a047b06ea4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

product and specification No#453996.exe
Size

792KB
Sample

230206-lc2m4agd6t
MD5

53f537081349ccc8746f0d2e17890f19
SHA1

7b90485dc7f10b48a5d99bcd8746aef8c1cd258f
SHA256

5b58cbced6c48c6e944b97bfba3ae9ff3390a66c6a581bc83ae214a047b06ea4
SHA512

7e167fda76b45fc43774c029a6c00afd0b2c481bbbafc651f81fde855e973506f4e9d7e6f4af50650611d90e2a2f9bc414a1cb94495d353ec34af51737105032
SSDEEP

24576:fA3A0Pryi2gGzyZFJmprNXrxN5IC54TWMt:IQ0Pryi2gaYFgprVtgi

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
N!hfzy$8

Targets

- Target
  
  product and specification No#453996.exe
- Size
  
  792KB
- MD5
  
  53f537081349ccc8746f0d2e17890f19
- SHA1
  
  7b90485dc7f10b48a5d99bcd8746aef8c1cd258f
- SHA256
  
  5b58cbced6c48c6e944b97bfba3ae9ff3390a66c6a581bc83ae214a047b06ea4
- SHA512
  
  7e167fda76b45fc43774c029a6c00afd0b2c481bbbafc651f81fde855e973506f4e9d7e6f4af50650611d90e2a2f9bc414a1cb94495d353ec34af51737105032
- SSDEEP
  
  24576:fA3A0Pryi2gGzyZFJmprNXrxN5IC54TWMt:IQ0Pryi2gaYFgprVtgi
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan