agenttesla | c85070cc7c6531cb49e2c33148fa5dbb75ea9501c49ea7b2d88600e2a23ef8cc | Triage

Sharing

General

Target

c85070cc7c6531cb49e2c33148fa5dbb75ea9501c49ea7b2d88600e2a23ef8cc.uue
Size

694KB
Sample

250128-hrzv9s1kg1
MD5

a123fcc953a1174034abea7a79f79f19
SHA1

efe9accbac46756d51daceb3e8ac22e9d6eba8bc
SHA256

c85070cc7c6531cb49e2c33148fa5dbb75ea9501c49ea7b2d88600e2a23ef8cc
SHA512

da98a411c4280b29738c8c56e8c53f9d051c4145eb9460f322cf9dbabbdb068a2f07e4adf79b202a70e32eb5bdfbcebf7e8d3cf51439d83b3a0518b4248f8851
SSDEEP

12288:zIPFwBWrsuUn6DJZTlotwQXlKmBzaVm2kzT6E597udwnwkL45CD5/4EzhYYVgB:iYWVU69NeAYAwf97u8w02MZ9P2

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
@qwerty90123
Email To:
[email protected]

Targets

- Target
  
  SGJ780097-JWVY8560I-HHWQEUUIT6F6.bat
- Size
  
  998KB
- MD5
  
  38738d1bcce9a92053d0b2ff204da017
- SHA1
  
  5d3e8a4d369e1528ca1d25146199444f5a77cd5f
- SHA256
  
  34444d4292fb1f61fad6019625d22b9b88868e8af67aa0a84f1319ce8d571f01
- SHA512
  
  707fb504942509851ab9f3c801f0e748946f66abaab911d4e1bdc2b896ff71c22e925435e89bde94a20d2e717216fd83af4e9f95b79987e1aa6396ad1d2a9648
- SSDEEP
  
  12288:md0N6S1c2fTZUkwu0KgZVVaQlc+LrQ62iZL9FE0JidOv8rSsNSUr3CaNxP88DO8v:E00SXfOKGHc+LU622Ji4v8rkUr3CaP
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2