agenttesla | 656f08f66aac9f481e1403076c0e88732309d9dc8fe7fba6f1adc4c8e4488f7d | Triage

Sharing

General

Target

3yP227L-67450-08E3B108009BDD55246fffa3560.txt
Size

964KB
Sample

230330-mwehcadg6t
MD5

f962f944f891ed40f73a7b63b34a5c93
SHA1

4651a08d44d1e31b807fd56550a10bec89738fb5
SHA256

656f08f66aac9f481e1403076c0e88732309d9dc8fe7fba6f1adc4c8e4488f7d
SHA512

ba15dc4b5c60202ce568c0d40b3f8d3d5b1f6031e7ea5209bf3ef3e3862cada0b70f61579c01c829d699c17a880ca7bc145d48cc7c35c70d04161b7712474802
SSDEEP

24576:pXK2nWikO7bWtHqGrEN4yBYXPE9q79a/mm/1B:parikXENYPEcW

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mbarieservicesltd.com
Port:
587
Username:
saless@mbarieservicesltd.com
Password:
*o9H+18Q4%;M
Email To:
iinfo@mbarieservicesltd.com

Targets

- Target
  
  orden de ##compra.r09
- Size
  
  429KB
- MD5
  
  184ee15738a3057a38833e3b4fbb522a
- SHA1
  
  a9efde6409144686905e5d3945c26f77a7380bb1
- SHA256
  
  e3d6bd35558702ac5335dc818b6bb8a576f1ade7c5963667a600ca0a5f3267ec
- SHA512
  
  54f59ebc7a27c9bf584e5576b6927b6d90237aba7ea81987756688722e59c7ecd81213f66374d27171ff06180e8be0231059ed3d903f52bfcef9fc21242ad3e5
- SSDEEP
  
  12288:IaQVM8LHmtGdrX0J4maBtiqFnvi7rvUUu9Vd:QVMSrX04BtTFnq7r81v
Score

3^/10
behavioral1 behavioral2
- Target
  
  orden de ##compra.exe
- Size
  
  449KB
- MD5
  
  05ecc56527fcba96bbac7cb98ea2e9fd
- SHA1
  
  09e3ec61ae4e9d32f905cadff6e380350eb36c82
- SHA256
  
  8bfbb0ea2d51386413aaf7cb64ee4191ebdf511a8c0a07bc6d755376bf014ae8
- SHA512
  
  a3e69e632b16ceea3dcfb048f2c3fe24ecb236c29dbaba98449c3f48f67505cecafea32db686a09aa6d5fdcf11732c42b1e2ee99a698b7a6da2c75fb8fd7a2ea
- SSDEEP
  
  6144:c/AHjYh29QTrUwbB25+bZ3OV/ijNonSWqivSptk57tt43fN6YNfGewTAya70:XKPtB0+8Uj+zmtkW3sYNfGTA
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslakeyloggerspywarestealertrojan

behavioral4

agentteslacollectionkeyloggerspywarestealertrojan