agenttesla | e297557b10ea6d307041d09aaa5adc47c3dbfaab035f113761a46a4f2295a69d | Triage

Sharing

General

Target

23052024_1317_23052024_Purchase Order.zip
Size

641KB
Sample

240523-qjrtpacf7t
MD5

5c9f92a2877cb91cc8ca65f9b2aa4cd1
SHA1

f51816047c4ee526d08c9162847797a72de97621
SHA256

e297557b10ea6d307041d09aaa5adc47c3dbfaab035f113761a46a4f2295a69d
SHA512

5a4df9b37293750e409ed485d571de978349006b11eee7963208d057aec36762125efb295e0379409a7d7dd3f645b8e819c7eec13bca5d1c92a5231363bf1902
SSDEEP

12288:10ZaK16pZqUfPw6Fyf+Vat5K0T1MDpX/LTjxQuy089LyuNm8C+RvPV:10jasepFyFt5K0T1MdXzPjygr2N

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
UTjMgxC7qqqqG5651@@
Email To:
[email protected]

Targets

- Target
  
  Purchase Order.exe
- Size
  
  916KB
- MD5
  
  43e578ebe45c2e4c078091635f84f511
- SHA1
  
  2a69714402d85deae610f811ca06f2816199c5e3
- SHA256
  
  c6e9ed35281ff6e8fa492cb7c29b5c49c495cb1c56b841484c927d8486299b3d
- SHA512
  
  bd90c855fe17fea16e43704b7d360e1958e5a1a325ee9fbd240f6322123882b390864c510c3ce2ea80a1ad66589752a169e9bf066e68ca5888273e431dceafd7
- SSDEEP
  
  12288:P8ZLe6pZoUf766py9205K6TBjtkPVXkSCyzkUfGt82me:0ZLeaeE7pyt5K6TBjtk5kS1Ot
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan