agenttesla | f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57 | Triage

Sharing

General

Target

f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57
Size

1.2MB
Sample

240523-c46lpaah6x
MD5

9aa81bc3c40cbbf486043aa4cce85c00
SHA1

104d2689ed8c6b8a11457ee5d9057a971d6da4b7
SHA256

f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57
SHA512

aadaee093f386397d4ab52336109bf731783443b6cd67ebc0c4f23b2cf4bf566637a7dbb65ddf4e7d6af9e71b17a449001210412eae76a3e24d60d7189b7e3ab
SSDEEP

24576:tSu1S82mBVrIiudqyQm35h9OZKLueX/AtuN7C:tSuU82mTVqQmL9F

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
=;=yKWThEGx-
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
=;=yKWThEGx-

Targets

- Target
  
  f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57
- Size
  
  1.2MB
- MD5
  
  9aa81bc3c40cbbf486043aa4cce85c00
- SHA1
  
  104d2689ed8c6b8a11457ee5d9057a971d6da4b7
- SHA256
  
  f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57
- SHA512
  
  aadaee093f386397d4ab52336109bf731783443b6cd67ebc0c4f23b2cf4bf566637a7dbb65ddf4e7d6af9e71b17a449001210412eae76a3e24d60d7189b7e3ab
- SSDEEP
  
  24576:tSu1S82mBVrIiudqyQm35h9OZKLueX/AtuN7C:tSuU82mTVqQmL9F
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan