agenttesla | 2ca750e641d81270a9ca70b2c38627e178f734126673480c3de97e7e2fb2966a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ORDER LIST_AUG7FIBA00541·PDF.scr
Size

1.2MB
Sample

230825-jw54hsbg41
MD5

aca0fd54a8846dd69444e2c961098228
SHA1

c4a2e2257e7b9c956d8a52945db7d6ad827fd26b
SHA256

2ca750e641d81270a9ca70b2c38627e178f734126673480c3de97e7e2fb2966a
SHA512

643bc9156bcdbcf0b129428b673069255811998005793a8d2af9ae5ecbb6d92c79f8a421cb8e4134230916f4d8005783d2832d6cedfa5a6694662c7a24a52a02
SSDEEP

12288:B1wzapwTwIhJU9RIY/ykh1xjLELXVFyFZ6Kf1kats892OVaNUZ9pwVg:B1pwMIhCIZ00FyFhfmatsSkNw7t

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
nxhvhvlhjbskrvmk
Email To:
[email protected]

Targets

- Target
  
  ORDER LIST_AUG7FIBA00541·PDF.scr
- Size
  
  1.2MB
- MD5
  
  aca0fd54a8846dd69444e2c961098228
- SHA1
  
  c4a2e2257e7b9c956d8a52945db7d6ad827fd26b
- SHA256
  
  2ca750e641d81270a9ca70b2c38627e178f734126673480c3de97e7e2fb2966a
- SHA512
  
  643bc9156bcdbcf0b129428b673069255811998005793a8d2af9ae5ecbb6d92c79f8a421cb8e4134230916f4d8005783d2832d6cedfa5a6694662c7a24a52a02
- SSDEEP
  
  12288:B1wzapwTwIhJU9RIY/ykh1xjLELXVFyFZ6Kf1kats892OVaNUZ9pwVg:B1pwMIhCIZ00FyFhfmatsSkNw7t
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan