agenttesla | 0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88 | Triage

Sharing

General

Target

invoice.pdf.exe
Size

791KB
Sample

230328-h8dz5abd4z
MD5

083c066431159d98ebffd1788bf43ee9
SHA1

f0d68ddf58e4143bb14ee41263549c768fb0f181
SHA256

0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88
SHA512

1afa1aa274921cbb4d039b9a1a35aa38d52b2928e22547a6648a78e5a19aaa2e5220e626df245c9b5a483e3ee6d0afc74bac6a03f8c64214dd11eef4b5d14e4a
SSDEEP

12288:Js1KdJVZz5d20qfcNdJaq5dsr1Z7SVJ2cJ0qSTXyl/ezVXUjlmlJkDLdjSV4AD7t:JsKVZ9fA8sRZoH0qSTXylpjlmMsV4AP

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
logs@modernplesticgoa.com
Password:
JUGCRsm9
Email To:
logs@modernplesticgoa.com

Targets

- Target
  
  invoice.pdf.exe
- Size
  
  791KB
- MD5
  
  083c066431159d98ebffd1788bf43ee9
- SHA1
  
  f0d68ddf58e4143bb14ee41263549c768fb0f181
- SHA256
  
  0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88
- SHA512
  
  1afa1aa274921cbb4d039b9a1a35aa38d52b2928e22547a6648a78e5a19aaa2e5220e626df245c9b5a483e3ee6d0afc74bac6a03f8c64214dd11eef4b5d14e4a
- SSDEEP
  
  12288:Js1KdJVZz5d20qfcNdJaq5dsr1Z7SVJ2cJ0qSTXyl/ezVXUjlmlJkDLdjSV4AD7t:JsKVZ9fA8sRZoH0qSTXylpjlmMsV4AP
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan