agenttesla | 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64 | Triage

Sharing

General

Target

5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
Size

519KB
Sample

220802-ecckmsaggp
MD5

0e8bd35ef43d424f440a3164b6be511f
SHA1

d080400cbcbd9e4e10041ef7bdf383268707ce83
SHA256

5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
SHA512

72eb8de3ca9347ea5525417c94f9af4cbd6f9d77706fd894bed2e7013c5efd3aa67a1143f3e1031c1319a701d7fa74d81cae2906ca037082061ef580da1ecc0f

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
- Size
  
  519KB
- MD5
  
  0e8bd35ef43d424f440a3164b6be511f
- SHA1
  
  d080400cbcbd9e4e10041ef7bdf383268707ce83
- SHA256
  
  5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
- SHA512
  
  72eb8de3ca9347ea5525417c94f9af4cbd6f9d77706fd894bed2e7013c5efd3aa67a1143f3e1031c1319a701d7fa74d81cae2906ca037082061ef580da1ecc0f
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2