agenttesla

General

Target

e5424082645fda55cc5d4e0192834afe.exe
Size

1.5MB
Sample

210308-w19dmhrr3e
MD5

e5424082645fda55cc5d4e0192834afe
SHA1

dfd934ffb08081496d896464f6b50a7b750f0845
SHA256

0ecfbf08398e1d0470c2f4d40a490808bd1b177cb60d674c5459d85f242952ab
SHA512

1724662c74221824d71ebf6d277ded559b404fb3acd5fdbc2f18e23dd147e65d3f7613e33a696803a78a2a89f923b2e57482103f7ec2a85f3fa6c80c4aad62f7

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
slcezbamxkbpjjjh

Targets

- Target
  
  e5424082645fda55cc5d4e0192834afe.exe
- Size
  
  1.5MB
- MD5
  
  e5424082645fda55cc5d4e0192834afe
- SHA1
  
  dfd934ffb08081496d896464f6b50a7b750f0845
- SHA256
  
  0ecfbf08398e1d0470c2f4d40a490808bd1b177cb60d674c5459d85f242952ab
- SHA512
  
  1724662c74221824d71ebf6d277ded559b404fb3acd5fdbc2f18e23dd147e65d3f7613e33a696803a78a2a89f923b2e57482103f7ec2a85f3fa6c80c4aad62f7
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2