agenttesla | 2b7d52cff6d8153c70e007f4b88b38788b6205144cb65c60b76272dc838acc8b | Triage

Sharing

General

Target

URGENT REQUEST.exe
Size

64KB
Sample

230206-r5ayqshf9w
MD5

3031228682ee992a8c75b0b7e767b794
SHA1

c0beabc62747ee62fbb05eb35284cc382a9a25fe
SHA256

2b7d52cff6d8153c70e007f4b88b38788b6205144cb65c60b76272dc838acc8b
SHA512

4fbadca7a43b04946afab52fd39e7de1ce34677d93316ff1f471105331af29e9787979fd6a6c3be2e1d6be0253fbd2b67c6f5963b618ebdeec030a77e49254aa
SSDEEP

768:EkOyF9AKzI19Nn7cx4vn+vEqMtpYYkhN40LO6dusn04eF:xOe9AA49Nn7cxgMEqMt8N40ymuL3F

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
focuzpartsmart.com
Port:
587
Username:
johnsonpc@focuzpartsmart.com
Password:
FpmJhn@2023
Email To:
decenmomodou20@gmail.com

Targets

- Target
  
  URGENT REQUEST.exe
- Size
  
  64KB
- MD5
  
  3031228682ee992a8c75b0b7e767b794
- SHA1
  
  c0beabc62747ee62fbb05eb35284cc382a9a25fe
- SHA256
  
  2b7d52cff6d8153c70e007f4b88b38788b6205144cb65c60b76272dc838acc8b
- SHA512
  
  4fbadca7a43b04946afab52fd39e7de1ce34677d93316ff1f471105331af29e9787979fd6a6c3be2e1d6be0253fbd2b67c6f5963b618ebdeec030a77e49254aa
- SSDEEP
  
  768:EkOyF9AKzI19Nn7cx4vn+vEqMtpYYkhN40LO6dusn04eF:xOe9AA49Nn7cxgMEqMt8N40ymuL3F
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan