agenttesla | 45a156f54da1d261e560ed2ebfd861aca470562ccca7878f44421de8089c224e | Triage

Sharing

General

Target

Dekont,pdf.exe
Size

220KB
Sample

230403-pp3ygagc3z
MD5

3f1c97d2f5200204e711e812b63b2b99
SHA1

b7edbc37fd17d4b1d890ffa5565b548f4aebb40e
SHA256

45a156f54da1d261e560ed2ebfd861aca470562ccca7878f44421de8089c224e
SHA512

05893ea315eab2e08dfbc8d8cdf1edcfe9086ac48e02c9ebc02e3319eb7901e0097ecaf2156275773f47dce332a7d4274bbb596ae1763cde78bd1e55e7a25131
SSDEEP

6144:fYYUtx+U3w8fg7Mv2D7mtGB8BHVQ+zJcM/PA6gLnqI:fFUt4eq+2Xmto8BjF9AuI

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/

Targets

- Target
  
  Dekont,pdf.exe
- Size
  
  220KB
- MD5
  
  3f1c97d2f5200204e711e812b63b2b99
- SHA1
  
  b7edbc37fd17d4b1d890ffa5565b548f4aebb40e
- SHA256
  
  45a156f54da1d261e560ed2ebfd861aca470562ccca7878f44421de8089c224e
- SHA512
  
  05893ea315eab2e08dfbc8d8cdf1edcfe9086ac48e02c9ebc02e3319eb7901e0097ecaf2156275773f47dce332a7d4274bbb596ae1763cde78bd1e55e7a25131
- SSDEEP
  
  6144:fYYUtx+U3w8fg7Mv2D7mtGB8BHVQ+zJcM/PA6gLnqI:fFUt4eq+2Xmto8BjF9AuI
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan