agenttesla | 29a7c6854e8920505d8701b93a6758c7428018619776d58b2cabd5b0ae365ac9 | Triage

Sharing

General

Target

21022024_2157_21022024_doc20242102070611.img
Size

1.2MB
Sample

240221-q9pr1sgd41
MD5

2bfd8360b67fdb5007b791d4d8d709ba
SHA1

c5917bd21785f70f5389596884359a24bd4d797e
SHA256

29a7c6854e8920505d8701b93a6758c7428018619776d58b2cabd5b0ae365ac9
SHA512

fb298df1765f1e4be39690c6df67b370c2ac148b79ff429980fee6f0e0e07f4df1155a395c541a8c91613e192f059b6d20c02bc2d968bab24e9f3a010ec79de1
SSDEEP

48:5sdXZBkBUJIJj0e6V3vXPMRpuSHjraGMGcb:5+XZBkBUJIJj0e6V3/0RgSHaGMG

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.knoow.net
Port:
587
Username:
[email protected]
Password:
boygirl123

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.knoow.net
Port:
587
Username:
[email protected]
Password:
boygirl123
Email To:
[email protected]

Targets

- Target
  
  doc20242102070611.bat
- Size
  
  910B
- MD5
  
  0a4c91bef832d0127d748ee10069295a
- SHA1
  
  5e3b6385df4b1dc17cc0dd46e75294fd07f9370f
- SHA256
  
  c8b3d04f87e949c97d4065f8cc667fbd4732dee185bea5d5b8a149aaf2f40987
- SHA512
  
  7fef3749b165365813a691b81c19208c58713770f57e3003d565ee3d84abec58bdd2d5ca762523f88aa8f7a4f69bc9cc386d0cef4b73c0b23aeeee73cccb6ad3
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan