agenttesla | 872f6e199585552edeed7104508fc56ccc1d4c6a5a2501e7608522dbb9eab798 | Triage

Sharing

General

Target

invoice.pdf.z
Size

712KB
Sample

230328-jgzyysbd9t
MD5

a266e6e5da5ffa1e35b5f6e3316376ac
SHA1

80bcb39315620d4d1c989d07a46bb566246a11f3
SHA256

872f6e199585552edeed7104508fc56ccc1d4c6a5a2501e7608522dbb9eab798
SHA512

e02914dbed894a909531912dc1e80ab750b1902f3b7e83a1cd1fe33fa8e8606e00925f087bab49356452528dc5eb81ac61949d5d95baf717fe44691e2091745f
SSDEEP

12288:6Qug8Ha7BvETWnZJNBSrUoPV5iu/JbY/qNQ0FxQOcpSS63dhiQqYPmvsBlFIXy:6Rg8HaZ/ZfBAUMVQAJ0uDQOESt3riTMP

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
logs@modernplesticgoa.com
Password:
JUGCRsm9
Email To:
logs@modernplesticgoa.com

Targets

- Target
  
  invoice.pdf.exe
- Size
  
  791KB
- MD5
  
  083c066431159d98ebffd1788bf43ee9
- SHA1
  
  f0d68ddf58e4143bb14ee41263549c768fb0f181
- SHA256
  
  0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88
- SHA512
  
  1afa1aa274921cbb4d039b9a1a35aa38d52b2928e22547a6648a78e5a19aaa2e5220e626df245c9b5a483e3ee6d0afc74bac6a03f8c64214dd11eef4b5d14e4a
- SSDEEP
  
  12288:Js1KdJVZz5d20qfcNdJaq5dsr1Z7SVJ2cJ0qSTXyl/ezVXUjlmlJkDLdjSV4AD7t:JsKVZ9fA8sRZoH0qSTXylpjlmMsV4AP
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan