agenttesla | b5b759622f890647a48720d6c8e1e3dc3a9d0d829218e594b760668eaed473f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39fef7688861692b86209bd83c4ee4b1.bin
Size

402KB
Sample

230312-bktbkscb59
MD5

ae0eda065b7e5c4f7c6579ec7fbb3b1f
SHA1

71b8583350170b80d0af74bbbcf9ede03336a5a3
SHA256

b5b759622f890647a48720d6c8e1e3dc3a9d0d829218e594b760668eaed473f5
SHA512

0df78d88b04cad1a6537b1dec9d0a54fb31528400bc8270ca54b1d23ed609b1e356f7df797e4e41f15d3238246373c956434ee377391756701f11b4db32f06e7
SSDEEP

6144:X7FiQIqqNEvN817LEo7GQzmg3Ot87OMSBbxtNMqzCyE+mIBAIt5UTycWmwEqE7lq:XkuqNE18JbGQy078D6hIB5Uu7mwEqE+1

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sienkakupeste.com
Port:
587
Username:
[email protected]
Password:
010203sienka++
Email To:
[email protected]

Targets

- Target
  
  RFQ-05434567898654345.exe
- Size
  
  838KB
- MD5
  
  3b4eea8c0ff330106c37b55bc3ffb85b
- SHA1
  
  dbebee4560b1ddca4eff35f0a52f5aae543a813b
- SHA256
  
  aa5336fbd1f094aabf356588943e259fdb8330a19e9e957bf8bbcac9d3ae7401
- SHA512
  
  dc025f9000631f12d66d37e5e1b28e3eb8bb0a1c8d4bf35f4b742e46b344974257bf2b13872fb19e26922af1b6d9d252665e66dcf9bd33529b90f52cf0a18479
- SSDEEP
  
  12288:hyvpWnX9zt58IXAExxphTTYLGJ/xdVzsEF0i6CPB+VxdfRmvxjHYKM6UGtpSsY/x:hrNRfJxgxsxE8N8zP
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan