agenttesla | 16bcf3f56d0fa8dc3a750238c20808f53a51f0b6801eb590d25b092b6f0821b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16BCF3F56D0FA8DC3A750238C20808F53A51F0B6801EB590D25B092B6F0821B4
Size

722KB
Sample

230518-qzpdhaab7t
MD5

b10cc6be1d76da123e1d4be677516275
SHA1

8a5038213ef53374662818ad2a79157aaa713e62
SHA256

16bcf3f56d0fa8dc3a750238c20808f53a51f0b6801eb590d25b092b6f0821b4
SHA512

6208b841ab7e2811372830a8497a77858b77bbb96b37caee87cc1cb101b2b20a88d579780cb7efa4d719b4b1b7f88e0d782623625b52f29be2ec8ee51fd5a9c2
SSDEEP

12288:xbNFAg88PQTjDBDp9TROk15aD9Oljd5sIIqWSU88au8tbouHXatP/Cou0+Cf:x/DQTPBDHU9Opd5sII7LzaFJo3Pqoj+S

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.itzayanaland.com
Port:
587
Username:
[email protected]
Password:
H!S6_PFHTAN{
Email To:
[email protected]

Targets

- Target
  
  Pago 202310038700.pdf.exe
- Size
  
  1.1MB
- MD5
  
  ffb885882a0f25ea34ecd01e3e9735f0
- SHA1
  
  bcedc6f606dd0a39b94f04252af88c3edd57a06c
- SHA256
  
  64d673ab703de588ebe64fcf054c8941cc24cad19f07a28ce874b7d95863fdf0
- SHA512
  
  35cb462133ea3fb9776def813434a305ac4f92902e1aee0e5cf75ce7ff3ddeb2027a4b66542f1ea94a9788f20f57b841c56c6ebfc354af5ae68baa9dfdbb6a69
- SSDEEP
  
  24576:4vUDd4HOg70L/eI4gsonSZUULOEjiBCQBtV/XKmfA5Kh9:yUD6HOg2ugsoElbM
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan