agenttesla | 22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054 | Triage

Sharing

General

Target

BANK DATAILS.exe
Size

825KB
Sample

220805-ng5awscbc2
MD5

9c8721d5f0dfcb5893766810fc016b1b
SHA1

097e2d6bd75f55fee4ba991696d15bbd0f73137f
SHA256

22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054
SHA512

83e9bd28a1ff90448cd029742dcf3dfea760ed70112ab85e840c661c053d59531f521e3d09a49c545cc7dc26b7bfc76d106e0bb3692b88c64c4f03acbe6177fa

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
webmail.keeprojects.in
Port:
587
Username:
quality@keeprojects.in
Password:
quality#@!

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.keeprojects.in
Port:
587
Username:
quality@keeprojects.in
Password:
quality#@!
Email To:
uuc7470@gmail.com

Targets

- Target
  
  BANK DATAILS.exe
- Size
  
  825KB
- MD5
  
  9c8721d5f0dfcb5893766810fc016b1b
- SHA1
  
  097e2d6bd75f55fee4ba991696d15bbd0f73137f
- SHA256
  
  22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054
- SHA512
  
  83e9bd28a1ff90448cd029742dcf3dfea760ed70112ab85e840c661c053d59531f521e3d09a49c545cc7dc26b7bfc76d106e0bb3692b88c64c4f03acbe6177fa
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan