agenttesla | 5da1b3537b33feef0da4adcc435e682b875de40a6e3ce1024a6c5e483bda8ff1 | Triage

Sharing

General

Target

LATEST RATE.exe
Size

1.1MB
Sample

230329-z5ldgabe9v
MD5

5b1f4e2b1ae240311980d2f6186cf88e
SHA1

36e0e9c15f9d21c9ecbd40ac3bdf03ab34245c82
SHA256

5da1b3537b33feef0da4adcc435e682b875de40a6e3ce1024a6c5e483bda8ff1
SHA512

42db37dbf80ce648f72e7afcb8be38b9c81c30e366531d913b9e690c69312d551ef217e343a8810e1c024124cc516df9108ecb299533357ad818e20bd1ab2162
SSDEEP

12288:zWHNC1Q/rusz7NxS+Q7+GvwP2FAihZ+YBtskhYT75geR5Of6oAGGomaJQWRu125X:sLGHK5EGjtWo1raPMVu

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mibmglobal.com
Port:
587
Username:
[email protected]
Password:
mibmg3010!
Email To:
[email protected]

Targets

- Target
  
  LATEST RATE.exe
- Size
  
  1.1MB
- MD5
  
  5b1f4e2b1ae240311980d2f6186cf88e
- SHA1
  
  36e0e9c15f9d21c9ecbd40ac3bdf03ab34245c82
- SHA256
  
  5da1b3537b33feef0da4adcc435e682b875de40a6e3ce1024a6c5e483bda8ff1
- SHA512
  
  42db37dbf80ce648f72e7afcb8be38b9c81c30e366531d913b9e690c69312d551ef217e343a8810e1c024124cc516df9108ecb299533357ad818e20bd1ab2162
- SSDEEP
  
  12288:zWHNC1Q/rusz7NxS+Q7+GvwP2FAihZ+YBtskhYT75geR5Of6oAGGomaJQWRu125X:sLGHK5EGjtWo1raPMVu
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan