agenttesla | 4684b8747bbfba6860cf67f473b418cc2b149aef01af36cb468d5cc308b689b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Halkbank_Ekstre_20230426_075819_154055.exe
Size

972KB
Sample

231023-jly78aeh2y
MD5

bc0e10ca4723910e4873b2bf1d3b5568
SHA1

be377f761ccd1b2b988460446565e583c4ab904d
SHA256

4684b8747bbfba6860cf67f473b418cc2b149aef01af36cb468d5cc308b689b1
SHA512

bdd92f708f8d50fb19020ca7944128fdc9ba7e06d17f9d0af506bb667b94f3681ded8bc8c4ef3e29ebb08dd07d056ca9f4793f2fa7d854c6b345803f89a3ad03
SSDEEP

12288:9gR/mZRM+kmaq0E4LqGSLo3xhlk27Hq5GGtPC+ZU9f5mtkm0fiE:9gkZR5kJEoqahh2cHQGGtP3u9Uj0fiE

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1164074830275026954/1zinmGxrS_UVgl9V_DEKVgNcoyDdkCmkWgTvporQScIEsCWaH7v_TeOPPgJvBIMuWtmJ

Targets

- Target
  
  Halkbank_Ekstre_20230426_075819_154055.exe
- Size
  
  972KB
- MD5
  
  bc0e10ca4723910e4873b2bf1d3b5568
- SHA1
  
  be377f761ccd1b2b988460446565e583c4ab904d
- SHA256
  
  4684b8747bbfba6860cf67f473b418cc2b149aef01af36cb468d5cc308b689b1
- SHA512
  
  bdd92f708f8d50fb19020ca7944128fdc9ba7e06d17f9d0af506bb667b94f3681ded8bc8c4ef3e29ebb08dd07d056ca9f4793f2fa7d854c6b345803f89a3ad03
- SSDEEP
  
  12288:9gR/mZRM+kmaq0E4LqGSLo3xhlk27Hq5GGtPC+ZU9f5mtkm0fiE:9gkZR5kJEoqahh2cHQGGtP3u9Uj0fiE
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan