agenttesla | 50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5 | Triage

Sharing

General

Target

50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
Size

985KB
Sample

240524-dj5dkaah2z
MD5

be01442829f00cf449711150b1a189f0
SHA1

8f7e507c41b88d8c50cba9c155ecf60376ecdafd
SHA256

50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
SHA512

34003aa10cb934d7a7d7e8af979949e8b5d92c04a18dbbcc763595ee59daf8822d7d2b7a335b9ff1c2d2cf80d529339755c112e8a932eff170edde8c28b0f8ee
SSDEEP

12288:un6F4X56OWFTTbgCOV4GVSuxYJGZRJoZC2qRsB:une4JfsvgCsXVh2SZR

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hotelroyal.com.pl
Port:
587
Username:
[email protected]
Password:
W0xw6jA.Hdr3
Email To:
[email protected]

Targets

- Target
  
  50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
- Size
  
  985KB
- MD5
  
  be01442829f00cf449711150b1a189f0
- SHA1
  
  8f7e507c41b88d8c50cba9c155ecf60376ecdafd
- SHA256
  
  50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
- SHA512
  
  34003aa10cb934d7a7d7e8af979949e8b5d92c04a18dbbcc763595ee59daf8822d7d2b7a335b9ff1c2d2cf80d529339755c112e8a932eff170edde8c28b0f8ee
- SSDEEP
  
  12288:un6F4X56OWFTTbgCOV4GVSuxYJGZRJoZC2qRsB:une4JfsvgCsXVh2SZR
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan