agenttesla | 4d4159f7401d22baaf1c07390e3d411caf5b938806898eac4c69f1d3215dac0f | Triage

Sharing

General

Target

4d4159f7401d22baaf1c07390e3d411caf5b938806898eac4c69f1d3215dac0f
Size

1.4MB
Sample

250218-j29znaynhs
MD5

c0ccf1aa04980a992e4cc85c740564fb
SHA1

0e5c6804a2a355565150c4f6ce789351258db66f
SHA256

4d4159f7401d22baaf1c07390e3d411caf5b938806898eac4c69f1d3215dac0f
SHA512

5f5f5cfa84da119195c9653f5238b9d4d52c441ae5cb32f2d5cffbc34401d2c2bf4346620786faad81da8e03f9147a9af0116e4cc32ca79dac977625c1861fee
SSDEEP

24576:4yrTsIJ0RRWKGSkODVL+N/mO4Ji9rIofYBOzgyrTsIJ0RRWKGSkODVL+N/mO4JiX:pPLKRRWKQODVL+N/m49rIReBPLKRRWK2

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  Thermo Fisher RFQ_TFS-1508.COM
- Size
  
  1.1MB
- MD5
  
  d39d829687978a2ef6e385508bdb48ed
- SHA1
  
  e1ec283ac4a7e33de8fe429841c9e6518422ade0
- SHA256
  
  cb17d0dc6270ed6a16c727088332c74d14ac023d1a80bf5ac97574df05c239b2
- SHA512
  
  1aafbc56dff067ee328027c094b75f1bc5240d6e1404d79c3c8dd51a98bec8f6f592d0f35dcd08da6473e7c5411a453c4fb4271b189a5d960d04c58620adbd57
- SSDEEP
  
  24576:7u6J33O0c+JY5UZ+XC0kGso6FaYImOm9ihrIYrYBaFjdWY:1u0c++OCvkGs9FaYImEhrIpaCY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Thermo Fisher RFQ_TFS-1509.PDF
- Size
  
  1.1MB
- MD5
  
  d39d829687978a2ef6e385508bdb48ed
- SHA1
  
  e1ec283ac4a7e33de8fe429841c9e6518422ade0
- SHA256
  
  cb17d0dc6270ed6a16c727088332c74d14ac023d1a80bf5ac97574df05c239b2
- SHA512
  
  1aafbc56dff067ee328027c094b75f1bc5240d6e1404d79c3c8dd51a98bec8f6f592d0f35dcd08da6473e7c5411a453c4fb4271b189a5d960d04c58620adbd57
- SSDEEP
  
  24576:7u6J33O0c+JY5UZ+XC0kGso6FaYImOm9ihrIYrYBaFjdWY:1u0c++OCvkGs9FaYImEhrIpaCY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan