agenttesla | f281910eb689ada7ab3d65e7ef1babd45f14c21b7750656640a4bfb702887d48 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9455 && 9556.z
Size

46KB
Sample

230601-mmzf6aec31
MD5

100f1cd9c8deb962cd1299f4c2d266da
SHA1

4d1bccff94cf556f0e5920146cdeaacc5f341132
SHA256

f281910eb689ada7ab3d65e7ef1babd45f14c21b7750656640a4bfb702887d48
SHA512

ae8a371c0bf207e1a8a61583d1aec8e1005d119a2e686001cca8079ba1a26352c322304bfc42b84e26ea6005b39444fbaf514eabab4e239ce005949f847d8349
SSDEEP

768:nbXQdnYkE+7YatyLuti+7eZ+imki6FNFQd5FtskjQ1tissl3NiJT:8dYd0tyAiEeZ+fkFmnjQco5

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mbarieservicesltd.com
Port:
587
Username:
[email protected]
Password:
*o9H+18Q4%;M
Email To:
[email protected]

Targets

- Target
  
  9455 & 9556.exe
- Size
  
  102KB
- MD5
  
  1fd49c50e4f29532ab9d20e0adb19855
- SHA1
  
  fc121f975f2397396a7216b14cfa405e43b7d30e
- SHA256
  
  905a5cfdac803dd160971312b6a58ee0e104d162393c48ea3af6b685e4316630
- SHA512
  
  0c5552b41107e97113291d4cede7dc6caa39b49416cf12889270c3450d52af0df1d3f73bdd13e39b1818f059825a66163137d2ffaf911c96db6cf2171aadeb82
- SSDEEP
  
  3072:hdhJVZbIUqVANpDMvy3wtrKSNgAJ9pZOk+:8n5X1KJAJ9pZO
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan