agenttesla | 3d816261fae9c40853c916d0ef92e0a282d885d15c6c5ce673c175c87da2c739 | Triage

Sharing

General

Target

PO#Q1024723.pdf.tar
Size

654KB
Sample

230609-mz476sbh73
MD5

9bc241f5cad10b3f3670f35b26b71635
SHA1

8f1784f69827e8710afb168f8d87b3d5d894dd64
SHA256

3d816261fae9c40853c916d0ef92e0a282d885d15c6c5ce673c175c87da2c739
SHA512

8afa1683205f68a6653cbd8c90f661ebb4af1ae794c979c3f62f1845a16ececf3f9427f60eae8a6297aa393ef93b978bb78304197bc6f71cd9fbc584cf563adb
SSDEEP

12288:72Hor7VIj4yDZxg703XGwSWfdMLiAI8UxxYdMTb7d54kx2CWSP16KayfY4hpC41f:qMG4Ixg70nNSgdML5qL37d59y6J9Y4n5

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
JUGCRsm9
Email To:
[email protected]

Targets

- Target
  
  PO#Q1024723.pdf.exe
- Size
  
  751KB
- MD5
  
  859e19cd2c33cde84c88d3ef82bc04d0
- SHA1
  
  a72367973df2fa4482b55462511447cbed781bae
- SHA256
  
  30a2b97369cb49a104c48274ea39b1af4b3a1eb9f8ece684632ee00bc409daeb
- SHA512
  
  b7cafe692c23706af83ecfb411f2501add348f7088434f3711e43c42dba49bb11eecc80778d16bb4cb7ea760774d09b753ba4acd74da37a35d9be91bce704638
- SSDEEP
  
  12288:pd6L7PVXf1i5bhaDnLMzIL2q+RTdOL8YbHFQom43DjlEmfssBUtrtyB21z3JJp3s:tOyqGUL8OHF1mdsBUt4BCbpl2mB
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan