agenttesla | 56608ce3c12c4502fcab65948d4e2bb6c49809d76901c05faea38ad75ef56f21 | Triage

Sharing

General

Target

Bank Copy 022824001.pdf.exe
Size

84KB
Sample

240228-rvn3lsdh4v
MD5

990fdb266e6a799f9c2954cd0887dbe3
SHA1

f0e9e5c06e8af74c6987b47ece1f5cd19e7f0b36
SHA256

56608ce3c12c4502fcab65948d4e2bb6c49809d76901c05faea38ad75ef56f21
SHA512

9162a51adebad452afd74178861c9c36553aa6a407747189bd5e92e53719126ff4a21c0721dac53a294e23315e77d2c09b32026f87b225eb4cc3f37a7ea2c1b4
SSDEEP

1536:z6qC8FeXpvgBn4x9FGuOwdYbQwYKF3LUzZyjv:z6qbeXqOEjw2bsKF3ANy7

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ronaldsmith.loan
Port:
587
Username:
[email protected]
Password:
BillionPay$
Email To:
[email protected]

Targets

- Target
  
  Bank Copy 022824001.pdf.exe
- Size
  
  84KB
- MD5
  
  990fdb266e6a799f9c2954cd0887dbe3
- SHA1
  
  f0e9e5c06e8af74c6987b47ece1f5cd19e7f0b36
- SHA256
  
  56608ce3c12c4502fcab65948d4e2bb6c49809d76901c05faea38ad75ef56f21
- SHA512
  
  9162a51adebad452afd74178861c9c36553aa6a407747189bd5e92e53719126ff4a21c0721dac53a294e23315e77d2c09b32026f87b225eb4cc3f37a7ea2c1b4
- SSDEEP
  
  1536:z6qC8FeXpvgBn4x9FGuOwdYbQwYKF3LUzZyjv:z6qbeXqOEjw2bsKF3ANy7
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan