agenttesla | a130b1de44bb0e882375378f9c3ddcf94508674164458d76ae06bb9fd36393eb | Triage

Sharing

General

Target

Bank Details.exe
Size

1.1MB
Sample

240829-l175savhma
MD5

99484dd2aebff67b20e11b5af574a8be
SHA1

dbddda933fbb6bb76004c6a27254575eaede9761
SHA256

a130b1de44bb0e882375378f9c3ddcf94508674164458d76ae06bb9fd36393eb
SHA512

7e61fe4c64ace77b78f2fdd820c24c95ce6a9d9d9b1ab114e943a134d2b3790e1302815cd21ffa4d721c1cf554d386c77ab0b9df8dc9d59ba35dbf42809758dc
SSDEEP

24576:CGAM4OF+PMwrSVlbmfDYkhDvGtjXtGUAF9kJ7MqudghfEuCj0hThiHHxlhViP2y3:CsMwPDoi

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.azmaplast.com
Port:
587
Username:
[email protected]
Password:
QAZqaz123@@
Email To:
[email protected]

Targets

- Target
  
  Bank Details.exe
- Size
  
  1.1MB
- MD5
  
  99484dd2aebff67b20e11b5af574a8be
- SHA1
  
  dbddda933fbb6bb76004c6a27254575eaede9761
- SHA256
  
  a130b1de44bb0e882375378f9c3ddcf94508674164458d76ae06bb9fd36393eb
- SHA512
  
  7e61fe4c64ace77b78f2fdd820c24c95ce6a9d9d9b1ab114e943a134d2b3790e1302815cd21ffa4d721c1cf554d386c77ab0b9df8dc9d59ba35dbf42809758dc
- SSDEEP
  
  24576:CGAM4OF+PMwrSVlbmfDYkhDvGtjXtGUAF9kJ7MqudghfEuCj0hThiHHxlhViP2y3:CsMwPDoi
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2