agenttesla | 16b6a65d78e3f62f04a054db4912adaf8926037f7af521f0baa26e799f7fd5b2 | Triage

Sharing

General

Target

16b6a65d78e3f62f04a054db4912adaf8926037f7af521f0baa26e799f7fd5b2.exe
Size

1.1MB
Sample

241007-bh72yszhmf
MD5

6f4b53caf2919c5f2575615106a46409
SHA1

50fae4da49c1ad527410a778a475b88621d97ad1
SHA256

16b6a65d78e3f62f04a054db4912adaf8926037f7af521f0baa26e799f7fd5b2
SHA512

a2d4a29566de6c348a6606a620cd4b8714816ddcec48f1bbee60cf00f2f8b2b8225c7ac6fab3d090d11cc126b3b1ce56e3d3d99828b7fd3fe432e9c9a147e0cb
SSDEEP

24576:ffmMv6Ckr7Mny5QLUv2KyhDjV6vJTFI/zjt3lQnk:f3v+7/5QLUv2BJGCvGk

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
srv.masternic.net
Port:
587
Username:
[email protected]
Password:
-H{2Szxi!%qb
Email To:
[email protected]

Targets

- Target
  
  16b6a65d78e3f62f04a054db4912adaf8926037f7af521f0baa26e799f7fd5b2.exe
- Size
  
  1.1MB
- MD5
  
  6f4b53caf2919c5f2575615106a46409
- SHA1
  
  50fae4da49c1ad527410a778a475b88621d97ad1
- SHA256
  
  16b6a65d78e3f62f04a054db4912adaf8926037f7af521f0baa26e799f7fd5b2
- SHA512
  
  a2d4a29566de6c348a6606a620cd4b8714816ddcec48f1bbee60cf00f2f8b2b8225c7ac6fab3d090d11cc126b3b1ce56e3d3d99828b7fd3fe432e9c9a147e0cb
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLUv2KyhDjV6vJTFI/zjt3lQnk:f3v+7/5QLUv2BJGCvGk
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan