agenttesla

General

Target

Fiyat _PER 120 mg 150 ml 50000 units_scanneed 00101_1.bz.rar
Size

570KB
Sample

230419-q489gacf91
MD5

74d67fddd766ff0fb851802f9254f45c
SHA1

f032b14bf595aee218a52f2f52279910cfc0f94b
SHA256

c8ca3a65c6c7d703bdcd3ee67479c9693d1dd88936f029cb6c37891c0177b951
SHA512

b9c62bdc4a98fc1def31522a5221aaf5d65140eda79fe888d48b0a087850f5d569fee7f792bbd08d302187acc7db22f949ad8a0f0429245be8e05aa82f099416
SSDEEP

12288:5WQu7KU4cwORDdtg60wGFCSfGBiZeh/e1HrzYix1mLo+ol00pMZx2HQNk:507KuD3g60w3gGIZeZMniLozCx2wNk

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendDocument

Targets

- Target
  
  Fiyat _PER 120 mg 150 ml 50000 units_scanneed 00101.exe
- Size
  
  1.3MB
- MD5
  
  875158c7971cd71e8827776b0c7578ff
- SHA1
  
  dbf79e2e9238015f59bd81b257cd7ae49961bab5
- SHA256
  
  83100c748f9208b5a5b87ff1849751697b0d3edb2fc0f131edd4846ced0da8dc
- SHA512
  
  c02c732e299b091443f7ed8f84f04278fd0d0da7a9811c9acb566a16e5b3980d52d22ed3af612d677b7e77569f0b01ee6eac86880777d1450b03829a5e610db3
- SSDEEP
  
  12288:RSfU5Suz6AL3xnd8dNrhKm55jZG/JTzlFGWpIk9mySmcxhXSeg9Jrok7IYzHIzA:kuv5GsmTkf/tC78Cdxls
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla payload

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2