agenttesla | 1b3662e68c3970c3ad2c9cff4b034a88823e67c7da54842519ac8dfefd87a883 | Triage

Sharing

General

Target

PURCHASE ORDER.exe
Size

699KB
Sample

230530-ssftwsad23
MD5

c3577d14cda7504d8ceaa9ae26fbb70d
SHA1

0c79db2c4ca4f153d231a6378159675f9a111e0f
SHA256

1b3662e68c3970c3ad2c9cff4b034a88823e67c7da54842519ac8dfefd87a883
SHA512

7d0a253a8676dd04202c9e643e0c4debf48c68f6b26163b38bb6726e1855bb41af93b1dbb139eddda689413ff56bb2c4218238492a954fc03cf5e0fef071f868
SSDEEP

12288:shqGsDJiANmZk7wqHbjuEIxhF/vM16DXY9soO:s4N1imP/ahvQi

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sarahfoils.com
Port:
587
Username:
[email protected]
Password:
Scalatica01
Email To:
[email protected]

Targets

- Target
  
  PURCHASE ORDER.exe
- Size
  
  699KB
- MD5
  
  c3577d14cda7504d8ceaa9ae26fbb70d
- SHA1
  
  0c79db2c4ca4f153d231a6378159675f9a111e0f
- SHA256
  
  1b3662e68c3970c3ad2c9cff4b034a88823e67c7da54842519ac8dfefd87a883
- SHA512
  
  7d0a253a8676dd04202c9e643e0c4debf48c68f6b26163b38bb6726e1855bb41af93b1dbb139eddda689413ff56bb2c4218238492a954fc03cf5e0fef071f868
- SSDEEP
  
  12288:shqGsDJiANmZk7wqHbjuEIxhF/vM16DXY9soO:s4N1imP/ahvQi
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan