agenttesla

General

Target

payment copy.exe
Size

433KB
Sample

211020-k7w6esggh3
MD5

52e5279607c6ee625b8d01bdef0771ba
SHA1

f136b9d2629bc255fcc36537f7ff1032ed05f3ab
SHA256

ae847091d872af53d8c8f3e9d590a6ddfd24d979bd336c8a8fd4cccd5de20db0
SHA512

00771c173de6a7d9ce07e9163928e8c9adad2cfd9f170f0f62529e4d98409a34d057b223bf2712081e4da95e90a02491d4a836f44d4d43efbab15d46e3606d85

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0023.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
User@40378

Targets

- Target
  
  payment copy.exe
- Size
  
  433KB
- MD5
  
  52e5279607c6ee625b8d01bdef0771ba
- SHA1
  
  f136b9d2629bc255fcc36537f7ff1032ed05f3ab
- SHA256
  
  ae847091d872af53d8c8f3e9d590a6ddfd24d979bd336c8a8fd4cccd5de20db0
- SHA512
  
  00771c173de6a7d9ce07e9163928e8c9adad2cfd9f170f0f62529e4d98409a34d057b223bf2712081e4da95e90a02491d4a836f44d4d43efbab15d46e3606d85
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2