agenttesla | 0c0931a4cd15ff3eac97647cc00d2872fa4898858c0319b0897fa5bf3776cf9a | Triage

Sharing

General

Target

245245254.r00
Size

194KB
Sample

230519-pbr9tadg23
MD5

ed4449466330f454a610a146c51bcd99
SHA1

1f7d9622b64cd75ea442bbc47157ab2afe31c709
SHA256

0c0931a4cd15ff3eac97647cc00d2872fa4898858c0319b0897fa5bf3776cf9a
SHA512

67a74a36e3a15ff740fdab8983139cf8221c6fc63bd8f033473fc28d6c2572b3e63fb9339b10715bba742859d6bbe87772a5a24e4f5b53060eee3fd9915c7c95
SSDEEP

3072:ctuSD/pKLSKGXIRCoB3EvqPhJIB9Dz/2IxLvEID+rcwufK6+5JLQ5H1JCQjjFkOw:Vp263EiPhqB9f2Ix7M0SJM5H1YQCOetp

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6225839139:AAHOVxUdRr3_xezeR4e_GlriGQEKuUFBpW0/

Targets

- Target
  
  PO9839383.exe
- Size
  
  238KB
- MD5
  
  a5c83c6ebe289f10bc234898385e889e
- SHA1
  
  22d30090942fc7b1f266028450cf05c72d82f4c5
- SHA256
  
  bd176aba121ee1111813afe94594ee38b7773dc660833775dd289060db7fe6af
- SHA512
  
  bbf7a51fcc80498c27f6432cddce72fbf19e37a83ea828d050b2f0ebb04baa13971534f1ef86178960178ba6493e04143471e19da0cd8906841d091dea87e05f
- SSDEEP
  
  6144:2MMEA9YT6HlpvxlktuwpWJe21UZpeo1ObSFRXXpvj5:XYYWFvlauwpnbnIyRXXb
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan