agenttesla | 32e57c1e9bac5b3d82f1f2163e29c0f84a2f441b2c67c0cd30c4ed4b0499c79d | Triage

Sharing

General

Target

23052024_1328_22052024_Proforma Invoice.zip
Size

628KB
Sample

240523-qq36asch7y
MD5

a5c2748d3e3a1684fbf01bfbbd30a506
SHA1

64c5deb6be6bd9149aae8f56a1483268456bd09a
SHA256

32e57c1e9bac5b3d82f1f2163e29c0f84a2f441b2c67c0cd30c4ed4b0499c79d
SHA512

6503eb59e9944281953917623a33b7c8e661511fd6966859fb4b389dd51fadebb5f925afc4e22328c258a00cb1d2b66fa8a222c3db6dfb7850f6d5b3df3acc59
SSDEEP

12288:10Xsga5dQxemKQS+WSUCy8R/HZaJKf3TqGFj2pacW8aWEmBOq5qPpZVmAylZ:WLgdTmJS+WF89HWkcpnEmBOq6Dm5lZ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
UTjMgxC7qqqqG5651@@
Email To:
[email protected]

Targets

- Target
  
  Proforma Invoice.exe
- Size
  
  882KB
- MD5
  
  4376d88829445fb4012817d5efc84682
- SHA1
  
  d7bce9caea90a8b40f1444036b91312510de3028
- SHA256
  
  502e4ba0751c2051b1be12064c0bb0698b504d1c9d68174de1dc9b234e096cc6
- SHA512
  
  af77f043fd82a100c4641a4f920898d0829958ff6369b9aa852927f97191c334f0b5e48bf0254764b96cbc6adac16c153f6141a79f37576275adb7f8b8f11f04
- SSDEEP
  
  12288:cQ/emKia+CSUCq8l/xB6vKfR4TqGPXwJ8cW8sWomBO+Hq77ZnkqY2u:chmRa+C38pxupgJTomBO+aBkqYj
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan