agenttesla | 2826cf1541f69a6790889af933a24db2f28fd8e04a8c5dd5ec2d7ee2ef93d0fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bank details.exe
Size

598KB
Sample

230424-1lanasge4z
MD5

5c50f0f4f7a4305464b0a9b14b33b006
SHA1

d7d5ef83af768a6bfe520f397f55a9d138d5f6f7
SHA256

2826cf1541f69a6790889af933a24db2f28fd8e04a8c5dd5ec2d7ee2ef93d0fe
SHA512

bcde21313a6ea85d63a88308e7e7d20ec9088bc63ba0bb23d46f815286764b3563cb8cb89c841830a7ba1557148ab3d96837706a2edbd34ac37423afe135f00f
SSDEEP

12288:weW/T7I3AA/98qzGTfQLFRPzci/9iMH+hc7VGmR7WQI:Hi7up8rcLvPPoMHdxv

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.expertsconsultgh.co
Port:
587
Username:
[email protected]
Password:
Oppong.2012
Email To:
[email protected]

Targets

- Target
  
  bank details.exe
- Size
  
  598KB
- MD5
  
  5c50f0f4f7a4305464b0a9b14b33b006
- SHA1
  
  d7d5ef83af768a6bfe520f397f55a9d138d5f6f7
- SHA256
  
  2826cf1541f69a6790889af933a24db2f28fd8e04a8c5dd5ec2d7ee2ef93d0fe
- SHA512
  
  bcde21313a6ea85d63a88308e7e7d20ec9088bc63ba0bb23d46f815286764b3563cb8cb89c841830a7ba1557148ab3d96837706a2edbd34ac37423afe135f00f
- SSDEEP
  
  12288:weW/T7I3AA/98qzGTfQLFRPzci/9iMH+hc7VGmR7WQI:Hi7up8rcLvPPoMHdxv
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan