agenttesla

General

Target

Payment.zip
Size

55KB
Sample

210922-lc3kdscah9
MD5

f0876a5d91e17b79544278f8726fe4a7
SHA1

d6ee4e7acf8c881bc4f4f3cc90ea66af8b136baa
SHA256

0115201f17cb83a2bcf49068ab1437103a63b9ae2895640ddde30f74dfcb42ad
SHA512

cf142cdd3204bf81ff90d2ca8eb8121e43023f8f3e280df3710e1d84d975f2705dd413c635ce3910e23f335727967428b798306da8b6d767622be62ced9c0d27

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.aquaclima.gr
Port:
587
Username:
[email protected]
Password:
N]t+~*2=X1@o

Targets

- Target
  
  Payment.exe
- Size
  
  149KB
- MD5
  
  46a9cde2229b45d390ad40ce0cc997f9
- SHA1
  
  ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f
- SHA256
  
  4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb
- SHA512
  
  75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa8394bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f
Score

10^/10

agenttesla microsoft evasion keylogger phishing spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

3

T1089

Modify Registry

4

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Turns off Windows Defender SpyNet reporting

Windows security bypass

AgentTesla Payload

Nirsoft

Executes dropped EXE

Windows security modification

Detected potential entity reuse from brand microsoft.

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2