agenttesla | aab69d08523d6a6e50f3f057aa975bc80644725fc3f458281d97c974170c4f7b | Triage

Sharing

General

Target

New Shipment.exe
Size

703KB
Sample

230206-v1emxaac61
MD5

44209f94895aa491ebe6970a9b1170bf
SHA1

8a7269c4b631ab6e770cb427c952c8756199b1d5
SHA256

aab69d08523d6a6e50f3f057aa975bc80644725fc3f458281d97c974170c4f7b
SHA512

0ee9205567d300a32a7cba9f6585c956d021cc62cf25904ca9c0d92f2fa4f4b18115fc63074fffad00b5db715175eb4757f90d1056ae9746f93b9d25f6e2536b
SSDEEP

12288:niapzpT4sPb+HT0qE8S6S7ztLHKNu+A+/1bpc9xJPmH5x97ZiQ4mvUw1YuO5DVPe:niark8b8vOztLHKNu+A+/1beFPb4cw5b

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.aficofilters.com.eg
Port:
587
Username:
m.saadany@aficofilters.com.eg
Password:
mhds@852
Email To:
godwingodwin397@gmail.com

Targets

- Target
  
  New Shipment.exe
- Size
  
  703KB
- MD5
  
  44209f94895aa491ebe6970a9b1170bf
- SHA1
  
  8a7269c4b631ab6e770cb427c952c8756199b1d5
- SHA256
  
  aab69d08523d6a6e50f3f057aa975bc80644725fc3f458281d97c974170c4f7b
- SHA512
  
  0ee9205567d300a32a7cba9f6585c956d021cc62cf25904ca9c0d92f2fa4f4b18115fc63074fffad00b5db715175eb4757f90d1056ae9746f93b9d25f6e2536b
- SSDEEP
  
  12288:niapzpT4sPb+HT0qE8S6S7ztLHKNu+A+/1bpc9xJPmH5x97ZiQ4mvUw1YuO5DVPe:niark8b8vOztLHKNu+A+/1beFPb4cw5b
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan