agenttesla | 17233e3b1e4c05ea54dd6603a52da89b00257baeca58d33fcbd6997a4e22fda0 | Triage

Sharing

General

Target

fff040c5056d604adbd1df3d262ede7d_JaffaCakes118
Size

1.3MB
Sample

240930-esg53asbld
MD5

fff040c5056d604adbd1df3d262ede7d
SHA1

abf99fffd0acc99ee4dde6aad5e2b0f0b19e19f8
SHA256

17233e3b1e4c05ea54dd6603a52da89b00257baeca58d33fcbd6997a4e22fda0
SHA512

20e49cd5312ca27f81b49d59b2872959ca5215bb55e3e15a074abc56a7f031956a48c72c9f5f3cbe748228fceb4aefdf01ff17bf669624d406e5fbf2fa9012af
SSDEEP

24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaLz1TbfTNz0LLeyr5:dh+ZkldoPK8YaLz1/hQSG

Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
kaka1234@1@1

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
kaka1234@1@1

Targets

- Target
  
  fff040c5056d604adbd1df3d262ede7d_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  fff040c5056d604adbd1df3d262ede7d
- SHA1
  
  abf99fffd0acc99ee4dde6aad5e2b0f0b19e19f8
- SHA256
  
  17233e3b1e4c05ea54dd6603a52da89b00257baeca58d33fcbd6997a4e22fda0
- SHA512
  
  20e49cd5312ca27f81b49d59b2872959ca5215bb55e3e15a074abc56a7f031956a48c72c9f5f3cbe748228fceb4aefdf01ff17bf669624d406e5fbf2fa9012af
- SSDEEP
  
  24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaLz1TbfTNz0LLeyr5:dh+ZkldoPK8YaLz1/hQSG
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan