agenttesla | fdb73e27d05601654fb1a1f982b989e6c955c79d40b39fe9880799c7e2ae3e72 | Triage

Sharing

General

Target

589c40269e48be003a52eba02059b799.bin
Size

595KB
Sample

230924-byrd5sbe61
MD5

3ee5d1bf6ff679597cd9f9b74c3f0d36
SHA1

14c33f9a0b14caf9d56de217bdb7679808fb722b
SHA256

fdb73e27d05601654fb1a1f982b989e6c955c79d40b39fe9880799c7e2ae3e72
SHA512

d5de893cec2673a3771637bd1db61236795fb73709b1edc45945f0c265171589b373fadb3e377c131e5dd2573af8f4d8b91989f7d4eb54dcca2036f393337851
SSDEEP

12288:YV/tJquF7ORfiNZrftBJp0zZ/Au3/+NFkyn4thh11/6o/EIomS0l:efGKhjJp0JT/+NCys11/Hsz2

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1825997726:AAGPprxg7buaDald2KuJBRQPs7-UqKQQUGU/sendDocument

Targets

- Target
  
  0e5c5af6b17972bfe1b465f590f9bc5b977286174e2d05d3cc2434c9a283af97.exe
- Size
  
  1.5MB
- MD5
  
  589c40269e48be003a52eba02059b799
- SHA1
  
  7505a3fd114f46b0fd4d387a198c1d54bdaaa1ca
- SHA256
  
  0e5c5af6b17972bfe1b465f590f9bc5b977286174e2d05d3cc2434c9a283af97
- SHA512
  
  27f0ab4065d40d26d7d7b461b3e7bb20a375c6b7e790bcca49284d8b036c5779dde4ffae7e7c7a1a3ae0cb913d137e931805018aeda980a429d3d7bfcdb5077f
- SSDEEP
  
  24576:HEWJhM2bTF78AEnxBgtymNsk9GAGmQ3Wc:p56AJNscGmQ
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan