agenttesla | f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739 | Triage

Sharing

General

Target

f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
Size

658KB
Sample

240328-calpesae43
MD5

7b3740ec98be0d5a85394b676ea9aa71
SHA1

6f494cde023b0b1effe14e45ee98f780c2956a19
SHA256

f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
SHA512

4e26634e421322f8a91c4117d6dce78998479430da0d81019cb22b1700e73700abe0b27e598406b07fcfd1a59df9ddd590e1fe2b7fde047d85070986f4315abc
SSDEEP

12288:3H2iNlw0hKMKlclluElepyI0EvP+D/hEt59Maa56Q+R5aaCE7+SD:31X8MrLuhyIrvmD/eZ5niK

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
assadlog@oilandgascomp.xyz
Password:
7213575aceACE@#
Email To:
assad@oilandgascomp.xyz

Targets

- Target
  
  f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
- Size
  
  658KB
- MD5
  
  7b3740ec98be0d5a85394b676ea9aa71
- SHA1
  
  6f494cde023b0b1effe14e45ee98f780c2956a19
- SHA256
  
  f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
- SHA512
  
  4e26634e421322f8a91c4117d6dce78998479430da0d81019cb22b1700e73700abe0b27e598406b07fcfd1a59df9ddd590e1fe2b7fde047d85070986f4315abc
- SSDEEP
  
  12288:3H2iNlw0hKMKlclluElepyI0EvP+D/hEt59Maa56Q+R5aaCE7+SD:31X8MrLuhyIrvmD/eZ5niK
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan