agenttesla | 406d016293166aaf53343c1a8a7060c82326b63765c02fee8bab3d3644cc2c78 | Triage

Sharing

General

Target

406d016293166aaf53343c1a8a7060c82326b63765c02fee8bab3d3644cc2c78
Size

840KB
Sample

230523-jbsbxsfb9s
MD5

ae3300545a8b7b614d5d974e70769052
SHA1

dfa7186a4d43e20caf1e3f8cce4301a1915ecc2d
SHA256

406d016293166aaf53343c1a8a7060c82326b63765c02fee8bab3d3644cc2c78
SHA512

09f011f005ce2ca2d96d4222ee7c25b763fe00579c6ec8ec923c3328f20c190088b7fc5baa6d84b85192f3d3aa4006ea78cd871a3afe48f22adef3826c26abed
SSDEEP

24576:e+X+AbUEyPPtHyVvi69V7CM1gT6SKIKTn6AL:rbUEyPPtHsiwgM

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.safinaco.com
Port:
587
Username:
[email protected]
Password:
0973913799

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.safinaco.com
Port:
587
Username:
[email protected]
Password:
0973913799
Email To:
[email protected]

Targets

- Target
  
  406d016293166aaf53343c1a8a7060c82326b63765c02fee8bab3d3644cc2c78
- Size
  
  840KB
- MD5
  
  ae3300545a8b7b614d5d974e70769052
- SHA1
  
  dfa7186a4d43e20caf1e3f8cce4301a1915ecc2d
- SHA256
  
  406d016293166aaf53343c1a8a7060c82326b63765c02fee8bab3d3644cc2c78
- SHA512
  
  09f011f005ce2ca2d96d4222ee7c25b763fe00579c6ec8ec923c3328f20c190088b7fc5baa6d84b85192f3d3aa4006ea78cd871a3afe48f22adef3826c26abed
- SSDEEP
  
  24576:e+X+AbUEyPPtHyVvi69V7CM1gT6SKIKTn6AL:rbUEyPPtHsiwgM
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan