agenttesla | fa248ec2c76556f7e9c71cc5979bea9f3cce8f565a44398b0e7fae3005f0b13a | Triage

Sharing

General

Target

PO3452302659 pdf.exe
Size

1.5MB
Sample

240122-xwg9cacden
MD5

fae4e4923fdb5a9079e873477bf92911
SHA1

99dea9162447750cdd502fc0eb16f2ca7c54ea33
SHA256

fa248ec2c76556f7e9c71cc5979bea9f3cce8f565a44398b0e7fae3005f0b13a
SHA512

126f372bc4431ad7a899f85c2f1f6d095966ed1eba8fc4cf3e6166514eb03a538bc6c29eae675330c811f6b62f2cb3cc17af1d6fbc8085ff84a6e7743efd8836
SSDEEP

24576:iWaS+JEfphxW553sSntC6s+6qbU0saooQaPSMdLAWqY8fWFEIJ3VUPvymws5IgZs:eS+axysYC6syUkoPaPS2AJNyxUP+Mk

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ionos.fr
Port:
587
Username:
[email protected]
Password:
qualite77
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.fr
Port:
587
Username:
[email protected]
Password:
qualite77

Targets

- Target
  
  PO3452302659 pdf.exe
- Size
  
  1.5MB
- MD5
  
  fae4e4923fdb5a9079e873477bf92911
- SHA1
  
  99dea9162447750cdd502fc0eb16f2ca7c54ea33
- SHA256
  
  fa248ec2c76556f7e9c71cc5979bea9f3cce8f565a44398b0e7fae3005f0b13a
- SHA512
  
  126f372bc4431ad7a899f85c2f1f6d095966ed1eba8fc4cf3e6166514eb03a538bc6c29eae675330c811f6b62f2cb3cc17af1d6fbc8085ff84a6e7743efd8836
- SSDEEP
  
  24576:iWaS+JEfphxW553sSntC6s+6qbU0saooQaPSMdLAWqY8fWFEIJ3VUPvymws5IgZs:eS+axysYC6syUkoPaPS2AJNyxUP+Mk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan