agenttesla | d9c078eee29bbf1fa6676ddad6c290a903d4485a56c8a31c50e4c639680a1a00 | Triage

Sharing

General

Target

Quote JQ2341024749.pdf.exe
Size

794KB
Sample

230328-pvmhnscf7y
MD5

3a71f65f7c59f652565a2b2e0000b997
SHA1

a39c10b001142ba93666742ea8801ac0a5db8501
SHA256

d9c078eee29bbf1fa6676ddad6c290a903d4485a56c8a31c50e4c639680a1a00
SHA512

d612cb3441568d7a859ae0d1cd46d6e226b4a74b40a06ac636132cd2356ebf6661948d2de9813e2eb29b23affa5f6db7c4f0f2255733cc3515ae638c4201c8ea
SSDEEP

12288:aA5eB0ODqXH6TC57yItUMEyMqleZbLjU8rnoK8wC2iDvv7i4XJhZ:aA5GRqXHV7VlEPqM1jUKx8wE7vLD

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
logs@modernplesticgoa.com
Password:
JUGCRsm9
Email To:
logs@modernplesticgoa.com

Targets

- Target
  
  Quote JQ2341024749.pdf.exe
- Size
  
  794KB
- MD5
  
  3a71f65f7c59f652565a2b2e0000b997
- SHA1
  
  a39c10b001142ba93666742ea8801ac0a5db8501
- SHA256
  
  d9c078eee29bbf1fa6676ddad6c290a903d4485a56c8a31c50e4c639680a1a00
- SHA512
  
  d612cb3441568d7a859ae0d1cd46d6e226b4a74b40a06ac636132cd2356ebf6661948d2de9813e2eb29b23affa5f6db7c4f0f2255733cc3515ae638c4201c8ea
- SSDEEP
  
  12288:aA5eB0ODqXH6TC57yItUMEyMqleZbLjU8rnoK8wC2iDvv7i4XJhZ:aA5GRqXHV7VlEPqM1jUKx8wE7vLD
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan