agenttesla | ff46ba0b89f1887db1caa1fb8e369c959eff4c112be547d8c7a39a1a3394fe22 | Triage

Sharing

General

Target

ff46ba0b89f1887db1caa1fb8e369c959eff4c112be547d8c7a39a1a3394fe22
Size

1009KB
Sample

231207-c8jmqaaeb7
MD5

57e91f23b1ca539d16f25383733b5565
SHA1

6aa28303dd0f9dd87b286f7725de05e4dbae50b6
SHA256

ff46ba0b89f1887db1caa1fb8e369c959eff4c112be547d8c7a39a1a3394fe22
SHA512

c86f14ea08d3e0d2083f92272f6d27973478000576403ce56cb488bc6c3da9e6a0b120bbfc1c7e86b14b5c80e0b5d2b76b1f365289d8601a43a93e149ae17ac4
SSDEEP

12288:MdIUTZRHiGs2cFVsDv04+R3ZCxTDqqc8lgExRw1:MBZoGbfv/+R3ZoTDLFlgSy1

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1179011823245217852/BApmSysJ7ds4rFscxhzRAHKJv1hyP1UFKhyfN1ojsei9HMF0L9z-hwZZiDIGOsncVkXv

Targets

- Target
  
  ff46ba0b89f1887db1caa1fb8e369c959eff4c112be547d8c7a39a1a3394fe22
- Size
  
  1009KB
- MD5
  
  57e91f23b1ca539d16f25383733b5565
- SHA1
  
  6aa28303dd0f9dd87b286f7725de05e4dbae50b6
- SHA256
  
  ff46ba0b89f1887db1caa1fb8e369c959eff4c112be547d8c7a39a1a3394fe22
- SHA512
  
  c86f14ea08d3e0d2083f92272f6d27973478000576403ce56cb488bc6c3da9e6a0b120bbfc1c7e86b14b5c80e0b5d2b76b1f365289d8601a43a93e149ae17ac4
- SSDEEP
  
  12288:MdIUTZRHiGs2cFVsDv04+R3ZCxTDqqc8lgExRw1:MBZoGbfv/+R3ZoTDLFlgSy1
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan