agenttesla

General

Target

c1b4b9ffcd81e9a4516400f9fc38a4d3.exe
Size

1.1MB
Sample

211019-scqn6aghgq
MD5

c1b4b9ffcd81e9a4516400f9fc38a4d3
SHA1

3605dec02e7f6480262eb5cae77ada772324bb2b
SHA256

4ed0b0474741e959230eb8a17efbc5e0db94fba7f46499596dd6359b4cf16637
SHA512

f7ff356b06b1eb2f9babc850727907748c50b5868a241a6b4746e92104d806c67b3034a73559a2ca0819c6e4b66e17e1bbcd856ba7ca4d16d3f283e827dd0c5e

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.lko-import.de
Port:
587
Username:
data.edu@lko-import.de
Password:
TVMHSiW5

Targets

- Target
  
  c1b4b9ffcd81e9a4516400f9fc38a4d3.exe
- Size
  
  1.1MB
- MD5
  
  c1b4b9ffcd81e9a4516400f9fc38a4d3
- SHA1
  
  3605dec02e7f6480262eb5cae77ada772324bb2b
- SHA256
  
  4ed0b0474741e959230eb8a17efbc5e0db94fba7f46499596dd6359b4cf16637
- SHA512
  
  f7ff356b06b1eb2f9babc850727907748c50b5868a241a6b4746e92104d806c67b3034a73559a2ca0819c6e4b66e17e1bbcd856ba7ca4d16d3f283e827dd0c5e
Score

10^/10

agenttesla nanocore collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

NanoCore

AgentTesla Payload

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2