agenttesla | 8d9ee26ff16ba2d8a4aadddf38b00e02d5b09b584fc7743609c594adbfdb68b7 | Triage

Sharing

General

Target

MT Bei Hai Feng Huang.exe
Size

244KB
Sample

230508-p7hp9aaf83
MD5

5baf411e6e472abc3b60d13e36efe756
SHA1

13932b78baa8add3c2bf5f58cb615027f08252c4
SHA256

8d9ee26ff16ba2d8a4aadddf38b00e02d5b09b584fc7743609c594adbfdb68b7
SHA512

514b927936e7438b8dbe984b5a30999bb26839aab5a5fd920600c0ed93d356b82e5d7d357568bd889836bd013d94636ec9f51b2ff16b3d2f5df747bf754a8976
SSDEEP

6144:4Pc0K01SXzOG7rcqzp2ROobxKcYz36hqPIoiCF2WDJXzLn4:Yc0K01SiG/Pm1kGaIg2WDd

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1897716112:AAEAtOCkOV8umHBB93Og24bkiIdUKReGK44/

Targets

- Target
  
  MT Bei Hai Feng Huang.exe
- Size
  
  244KB
- MD5
  
  5baf411e6e472abc3b60d13e36efe756
- SHA1
  
  13932b78baa8add3c2bf5f58cb615027f08252c4
- SHA256
  
  8d9ee26ff16ba2d8a4aadddf38b00e02d5b09b584fc7743609c594adbfdb68b7
- SHA512
  
  514b927936e7438b8dbe984b5a30999bb26839aab5a5fd920600c0ed93d356b82e5d7d357568bd889836bd013d94636ec9f51b2ff16b3d2f5df747bf754a8976
- SSDEEP
  
  6144:4Pc0K01SXzOG7rcqzp2ROobxKcYz36hqPIoiCF2WDJXzLn4:Yc0K01SiG/Pm1kGaIg2WDd
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan