agenttesla

General

Target

Lebanon Khayat Trading Company.exe
Size

350KB
Sample

211026-e234wsggh5
MD5

24e677dbfb1bb82a006bbdf04c499d8f
SHA1

09a1ae987b86916026ed6e1e0e596a096910a1ae
SHA256

9f5267ca82e582370eca876960153a242346739c61f7042438e8a4213d1e0666
SHA512

4f62dc3b59b452ef9d2025f0accc4dd27185b706da73c576f67f40b9e8329f5e610d56236455967103c11157155db5591723976692da351ab5bcbd4e5bec1617

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0023.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
User@40378

Targets

- Target
  
  Lebanon Khayat Trading Company.exe
- Size
  
  350KB
- MD5
  
  24e677dbfb1bb82a006bbdf04c499d8f
- SHA1
  
  09a1ae987b86916026ed6e1e0e596a096910a1ae
- SHA256
  
  9f5267ca82e582370eca876960153a242346739c61f7042438e8a4213d1e0666
- SHA512
  
  4f62dc3b59b452ef9d2025f0accc4dd27185b706da73c576f67f40b9e8329f5e610d56236455967103c11157155db5591723976692da351ab5bcbd4e5bec1617
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2