agenttesla | 8cd3a69637a14aeb7a0db8c47a197e8cdee48d1c995b8ea848449b1f206a8d24 | Triage

Sharing

General

Target

Swift.exe
Size

64KB
Sample

230206-rtmhdsec95
MD5

c3dda199739ccc5699ea98f22eb1d0ba
SHA1

8ca42b38a4df27fbd18b060092009b1092f79932
SHA256

8cd3a69637a14aeb7a0db8c47a197e8cdee48d1c995b8ea848449b1f206a8d24
SHA512

828ebcaa0b8d7fbcb50768669921980ae389582ef25ea643541fa89a60d9c34639e170cc80eb378c56028b4ef1229141faa93f896b3c724f963139266c7c0dca
SSDEEP

768:M4OE/9oA9EfutLtTP44IuAgpjELM40LO6dusn04el:BOe9oA9EfKP4yFp+M40ymuL3l

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/

Targets

- Target
  
  Swift.exe
- Size
  
  64KB
- MD5
  
  c3dda199739ccc5699ea98f22eb1d0ba
- SHA1
  
  8ca42b38a4df27fbd18b060092009b1092f79932
- SHA256
  
  8cd3a69637a14aeb7a0db8c47a197e8cdee48d1c995b8ea848449b1f206a8d24
- SHA512
  
  828ebcaa0b8d7fbcb50768669921980ae389582ef25ea643541fa89a60d9c34639e170cc80eb378c56028b4ef1229141faa93f896b3c724f963139266c7c0dca
- SSDEEP
  
  768:M4OE/9oA9EfutLtTP44IuAgpjELM40LO6dusn04el:BOe9oA9EfKP4yFp+M40ymuL3l
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan