agenttesla | 1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6 | Triage

Sharing

General

Target

1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6
Size

402KB
Sample

220521-ntdnpshbgr
MD5

80ddf7d6d03f7d08b0c6cf3ea99477f2
SHA1

41e3ad8569fbebfc6a40cbce722bd1007f08907d
SHA256

1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6
SHA512

54285ada9e310efa67410f7312f13d8e2579830a69e8782d12255d2251b4a1c5b44e569c444f1baf4e07cb5b1b56fc2f2113c79d329d6a2944fd577d2698af14

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mkkarakosemobilya.com
Port:
587
Username:
mahmut@mkkarakosemobilya.com
Password:
MKkkmbly@2019

Targets

- Target
  
  ggggdrdg.exe
- Size
  
  604KB
- MD5
  
  c563a1a2b846b84d781e7affbcf10988
- SHA1
  
  c0ea2727bf4978444f146dd8240bb06f4838c465
- SHA256
  
  e0d1c1f7fd8a8d07882ceeb4d681f9ff2b36912e9b0a8b182b3252599c2ea699
- SHA512
  
  78f4ab5f22782142f966fb5555b7fc32e28333a8c6dc843a0283ae29c423cfc95ce8ec8e712a4c688c7dcde2c03c7f2e95d03c28f5ca42945433b0a37ca0b436
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan