agenttesla | 9497d4398c54ed5ed9f3b954ae86cc6b32e9370a7b11261463ffee4036b34e12 | Triage

Sharing

General

Target

nPayment_document.iso
Size

904KB
Sample

230615-f1ekkseg23
MD5

ed5bd7443ecd91ac8cd78a7eb1344fae
SHA1

8c9f71290b8fc56e31d8bce397996a5e2fc41e68
SHA256

9497d4398c54ed5ed9f3b954ae86cc6b32e9370a7b11261463ffee4036b34e12
SHA512

67fb0c812d3eb8c90e271584fb2348295f80a20195086b7add3234e4a59b693984650280877aabbf9c44cc3acd1dca7afe99c4ff25fbb6db770ce9e0f12b0cf4
SSDEEP

12288:V+uEfG3nUHprmxYsWzK5yge/AXjwmp8PPwRtb0KgHh8ntZMR+Z3D:V+uEfG3UJrLvuvtXjSobK8ntKA

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.controlports.info
Port:
587
Username:
[email protected]
Password:
niggawesternmen321@
Email To:
[email protected]

Targets

- Target
  
  Payment document.exe
- Size
  
  842KB
- MD5
  
  de0b643459f59b88b3ae511b986eb868
- SHA1
  
  476a1bb239548c0d1c16ba415c425cd8b56d6c45
- SHA256
  
  999c708503ca5289854b3347f0a9115d596676ba1f41b51b0bf9ff1f12ced04f
- SHA512
  
  8253bfecd8a046bc394524317e46596ff8fee6db82c55656bd6f21784de64e415205482191b6d98c31df3c227f9863f06d4066768441dcf59aa5d0c9f664413a
- SSDEEP
  
  12288:f+uEfG3nUHprmxYsWzK5yge/AXjwmp8PPwRtb0KgHh8ntZMR+Z3DP:f+uEfG3UJrLvuvtXjSobK8ntKAL
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2