agenttesla | d254745ca2edd62c5e9d3231b3131ae065b2e1759fe9916df96e6c14af59a99e | Triage

Sharing

General

Target

160-4833933645027883.exe
Size

376KB
Sample

221124-l1nq5sfc57
MD5

49b30367cc4e82565b22cf3299d673c0
SHA1

fc09b42732f4882bc43845aa16448db259db2820
SHA256

d254745ca2edd62c5e9d3231b3131ae065b2e1759fe9916df96e6c14af59a99e
SHA512

c1c727c156fc8933a71b0aec68bba4c9ec9f7fdfe0b106e0554c0d20f485823c2e4965ec66713e8f0f5557cc4dc8daa6bb5b2715836ac7a62e12269e626b01df
SSDEEP

6144:QBn1tG7w8exMNhxFa0L0CCEPnedspOjYj2d8xKGAZNj1a0vC3aAeFaWPT6QFa7Hm:gQDexMBA0L0AYNd8VALjIMC3aLtT6QFz

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.alaminattires.com
Port:
587
Username:
[email protected]
Password:
@Abc.it121obd#@
Email To:
[email protected]

Targets

- Target
  
  160-4833933645027883.exe
- Size
  
  376KB
- MD5
  
  49b30367cc4e82565b22cf3299d673c0
- SHA1
  
  fc09b42732f4882bc43845aa16448db259db2820
- SHA256
  
  d254745ca2edd62c5e9d3231b3131ae065b2e1759fe9916df96e6c14af59a99e
- SHA512
  
  c1c727c156fc8933a71b0aec68bba4c9ec9f7fdfe0b106e0554c0d20f485823c2e4965ec66713e8f0f5557cc4dc8daa6bb5b2715836ac7a62e12269e626b01df
- SSDEEP
  
  6144:QBn1tG7w8exMNhxFa0L0CCEPnedspOjYj2d8xKGAZNj1a0vC3aAeFaWPT6QFa7Hm:gQDexMBA0L0AYNd8VALjIMC3aLtT6QFz
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan