agenttesla | 166bc7ce7a1d7395985340613e88e3058aa277a37b2079ff6c3bde6d3992a141 | Triage

Sharing

General

Target

055c7b3bb4cfdc848302fc355b283bdf_JaffaCakes118
Size

299KB
Sample

241001-lztwrstcjq
MD5

055c7b3bb4cfdc848302fc355b283bdf
SHA1

3dfdd9c427551cd934925384dd80f64b88176c6e
SHA256

166bc7ce7a1d7395985340613e88e3058aa277a37b2079ff6c3bde6d3992a141
SHA512

9db6b009a757d6759c2284e2ab55ffc1f7c4497847af1994ccfb8cc210706313275da9f611e64bebac609c642d90c5510786706aaadabf172e4b6973fafa048a
SSDEEP

6144:kLfRiOnGUcvnRFRInVG8ALNIRzjtHBZwIxFXAvNaqivUXAiicBS:kLfR/kNMAOJCIHAvNxiv7iisS

Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sajbh.com
Port:
587
Username:
[email protected]
Password:
Saj@2014
Email To:
[email protected]

Targets

- Target
  
  055c7b3bb4cfdc848302fc355b283bdf_JaffaCakes118
- Size
  
  299KB
- MD5
  
  055c7b3bb4cfdc848302fc355b283bdf
- SHA1
  
  3dfdd9c427551cd934925384dd80f64b88176c6e
- SHA256
  
  166bc7ce7a1d7395985340613e88e3058aa277a37b2079ff6c3bde6d3992a141
- SHA512
  
  9db6b009a757d6759c2284e2ab55ffc1f7c4497847af1994ccfb8cc210706313275da9f611e64bebac609c642d90c5510786706aaadabf172e4b6973fafa048a
- SSDEEP
  
  6144:kLfRiOnGUcvnRFRInVG8ALNIRzjtHBZwIxFXAvNaqivUXAiicBS:kLfR/kNMAOJCIHAvNxiv7iisS
Score

10^/10

discovery agenttesla collection credential_access keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan