agenttesla | e9f611aaae38af4a81b3dda7c5997a4c8e852b6b87f4462b70bf5b5fa016e584 | Triage

Sharing

General

Target

RFQMI0016047.pdf.pdf.exe
Size

726KB
Sample

231205-wapkvsdd8w
MD5

c2cf87df8ae0643cc3fabb68833ee93a
SHA1

b086db553cbe24f70a6c8e79ace0323d6bc93553
SHA256

e9f611aaae38af4a81b3dda7c5997a4c8e852b6b87f4462b70bf5b5fa016e584
SHA512

96f8ff4226e3637fe254a3892397109ee2db3e3e17bf4b48eeaf596823d8adc2a62d8a66e4d69132212d6168c0975fa890fd0d0eaef39fda891d2e88d4ec20be
SSDEEP

12288:hgKE6jD/62iNG5nF81Gh2OojBxMHRaw3HaboW9IQM76K3y0Q9:hgKtD/61I4Gh2nrMHRaw3HabzINGwy0e

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
JUGCRsm9
Email To:
[email protected]

Targets

- Target
  
  RFQMI0016047.pdf.pdf.exe
- Size
  
  726KB
- MD5
  
  c2cf87df8ae0643cc3fabb68833ee93a
- SHA1
  
  b086db553cbe24f70a6c8e79ace0323d6bc93553
- SHA256
  
  e9f611aaae38af4a81b3dda7c5997a4c8e852b6b87f4462b70bf5b5fa016e584
- SHA512
  
  96f8ff4226e3637fe254a3892397109ee2db3e3e17bf4b48eeaf596823d8adc2a62d8a66e4d69132212d6168c0975fa890fd0d0eaef39fda891d2e88d4ec20be
- SSDEEP
  
  12288:hgKE6jD/62iNG5nF81Gh2OojBxMHRaw3HaboW9IQM76K3y0Q9:hgKtD/61I4Gh2nrMHRaw3HabzINGwy0e
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan