agenttesla | 333b4a89730feb420bc1a76bed5c75943e663abd60eaf91c1bafd8417ccab76d | Triage

Sharing

General

Target

Cotización-202002722.pdf.exe
Size

454KB
Sample

230328-vzvbzadh2v
MD5

617c28ec9403e42fbbce2915d7b9ca98
SHA1

12676d2161a1a8640a555bbce0fd7dcbb1ceb903
SHA256

333b4a89730feb420bc1a76bed5c75943e663abd60eaf91c1bafd8417ccab76d
SHA512

bbc67585f09c19cabaae345ee57c5bdca551ee1349c24b0404a9cc570bb467ee2e807a4eca4bcf150d424b7b40407c241a8e7679d18b7e05ac63a3e9ddee4994
SSDEEP

12288:y/6fGJ3rRkmrrLG9oouz/rJdNOY/WrdqgYic81v:FCbRzLG+ourldNOYkdPo81v

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.itzayanaland.com
Port:
587
Username:
security01@itzayanaland.com
Password:
H!S6_PFHTAN{
Email To:
security01@itzayanaland.com

Targets

- Target
  
  Cotización-202002722.pdf.exe
- Size
  
  454KB
- MD5
  
  617c28ec9403e42fbbce2915d7b9ca98
- SHA1
  
  12676d2161a1a8640a555bbce0fd7dcbb1ceb903
- SHA256
  
  333b4a89730feb420bc1a76bed5c75943e663abd60eaf91c1bafd8417ccab76d
- SHA512
  
  bbc67585f09c19cabaae345ee57c5bdca551ee1349c24b0404a9cc570bb467ee2e807a4eca4bcf150d424b7b40407c241a8e7679d18b7e05ac63a3e9ddee4994
- SSDEEP
  
  12288:y/6fGJ3rRkmrrLG9oouz/rJdNOY/WrdqgYic81v:FCbRzLG+ourldNOYkdPo81v
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan