agenttesla | 492e1326b06eba2a9db61133c0a33ad34b03c8ba10924259330429ca64b24326 | Triage

Sharing

General

Target

Fiyat Teklif - Altin Muhendislik A.s Siparis 34 263.exe
Size

987KB
Sample

230711-p1r1caab4w
MD5

1914d792f655757f4262904e5bb1a97e
SHA1

131c57e92d4bb64222f568bd08eb6f53f4eef1ac
SHA256

492e1326b06eba2a9db61133c0a33ad34b03c8ba10924259330429ca64b24326
SHA512

5725acec4bfb29700a7043b95112aa3e620112d7a211db3c0b59a070c954411efdc86edce5e8da69c03d72b924e9857af95828658ba53144f6871d1179b21da4
SSDEEP

12288:3h1Lk70Tnvjc6kTsO9ZlJACtyuOXmw0NONzv8INcJZzBSUN/rg40sP0EXwAVVSmM:jk70Trc6yl9tA2NI0UV+JBzrgfc47

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1126419955634688050/yHbrubx366X_Wn_C4JcQbucXxlXRqxsG0O4bz5LxWso8RUXTpr0uNHjuz89z2GRXyE-6

Targets

- Target
  
  Fiyat Teklif - Altin Muhendislik A.s Siparis 34 263.exe
- Size
  
  987KB
- MD5
  
  1914d792f655757f4262904e5bb1a97e
- SHA1
  
  131c57e92d4bb64222f568bd08eb6f53f4eef1ac
- SHA256
  
  492e1326b06eba2a9db61133c0a33ad34b03c8ba10924259330429ca64b24326
- SHA512
  
  5725acec4bfb29700a7043b95112aa3e620112d7a211db3c0b59a070c954411efdc86edce5e8da69c03d72b924e9857af95828658ba53144f6871d1179b21da4
- SSDEEP
  
  12288:3h1Lk70Tnvjc6kTsO9ZlJACtyuOXmw0NONzv8INcJZzBSUN/rg40sP0EXwAVVSmM:jk70Trc6yl9tA2NI0UV+JBzrgfc47
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan