agenttesla

General

Target

Lebanon Khayat Trading Company.r15
Size

334KB
Sample

211026-jbvgaaghh8
MD5

f8f556291f188343fb61560420999421
SHA1

f02d71cc246cbf11a8e14929a24fca83c927f2ba
SHA256

6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3
SHA512

e96309ff433892f513ab95948c77518d1f4ab7a557eb932e99dcd053e9dd5c3cd8023586f9b4edd57ae9ed3a49b6d3a1905f5338c5bc63d3ee7c7e32c83f08a1

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0023.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
User@40378

Targets

- Target
  
  Lebanon Khayat Trading Company.exe
- Size
  
  350KB
- MD5
  
  24e677dbfb1bb82a006bbdf04c499d8f
- SHA1
  
  09a1ae987b86916026ed6e1e0e596a096910a1ae
- SHA256
  
  9f5267ca82e582370eca876960153a242346739c61f7042438e8a4213d1e0666
- SHA512
  
  4f62dc3b59b452ef9d2025f0accc4dd27185b706da73c576f67f40b9e8329f5e610d56236455967103c11157155db5591723976692da351ab5bcbd4e5bec1617
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2