agenttesla | 87bbb97703c44d999ec3940825aa6976feeb8ea6d4c8afac9e7ba222448a35db | Triage

Sharing

General

Target

f8b12a3b329c7d9c07d93c835bb2e410_JaffaCakes118
Size

905KB
Sample

240926-s5txaavepm
MD5

f8b12a3b329c7d9c07d93c835bb2e410
SHA1

daea839cb08cbd7dac130483698b5ca1f11c391c
SHA256

87bbb97703c44d999ec3940825aa6976feeb8ea6d4c8afac9e7ba222448a35db
SHA512

949b2a1e95d0c90ed740163751ff4ba67603ebadd06bca27ede70a8579801053a4d10e5edf5f71f9e2913b7adfb391e7a6de894ceb66b0bf5023b50c40dee467
SSDEEP

24576:hNyUY46Z7iYtU+wkxbi0H5GWABXX+0dmj:mtZ7iYtbi0H5I3mj

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.tpts4seed.net
Port:
587
Username:
[email protected]
Password:
p(HgSgj2

Targets

- Target
  
  f8b12a3b329c7d9c07d93c835bb2e410_JaffaCakes118
- Size
  
  905KB
- MD5
  
  f8b12a3b329c7d9c07d93c835bb2e410
- SHA1
  
  daea839cb08cbd7dac130483698b5ca1f11c391c
- SHA256
  
  87bbb97703c44d999ec3940825aa6976feeb8ea6d4c8afac9e7ba222448a35db
- SHA512
  
  949b2a1e95d0c90ed740163751ff4ba67603ebadd06bca27ede70a8579801053a4d10e5edf5f71f9e2913b7adfb391e7a6de894ceb66b0bf5023b50c40dee467
- SSDEEP
  
  24576:hNyUY46Z7iYtU+wkxbi0H5GWABXX+0dmj:mtZ7iYtbi0H5I3mj
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan