agenttesla | 95d49b0ec839ae800171e648c1768b328109028032d4ee7d00e9f4153c7dca1d | Triage

Sharing

General

Target

NEW ORDER ENQUIRY-JQ2341024749.pdf.xz
Size

610KB
Sample

230608-j95d5sdb86
MD5

acdc75598827e2d6e2bc0825e2181240
SHA1

7bac8711ceead6ccc530f03af699646ea07e0b11
SHA256

95d49b0ec839ae800171e648c1768b328109028032d4ee7d00e9f4153c7dca1d
SHA512

123730755d4b6e506abc2729800503e5ca179b6a9d9528086ef19a933b783d8e90f995a0241376d29d07f0282869974e07e54b60dceb31c582b7f9e7f810a900
SSDEEP

12288:vfUnHQPCnYyuGBwjfK95tzqi/5DSG4SOJvFTF3DLZoFkk:UnH+lGiK95tzl/EG4S8TFvG5

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
JUGCRsm9
Email To:
[email protected]

Targets

- Target
  
  NEW ORDER ENQUIRY-JQ2341024749.pdf.exe
- Size
  
  1014KB
- MD5
  
  3a629e0c90950ad8a90bf6c64cc25555
- SHA1
  
  b04d169506f11c5354ffcd2eecf3df153e8c6f63
- SHA256
  
  40247a3716900e213541061e25967670cfaa9415f554228dd6766e93a0def8f5
- SHA512
  
  7dffb6183fad67b3364c874efb76c352e333ab945e6510c1d6b2ab7fc94629c609ed68e8e545cc42f2e2d97d1a11bc4a072333d65fac55c60850eb86cee36f24
- SSDEEP
  
  12288:cNEewUSsZsVP8Pl1YKHjjD1966I4/u0Oa1ipDMJYx76npgI9DDUEiLNngci0gNs3:hdP8FH196v4F+SJYmvFiS3uRZf
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan