agenttesla | d39a34c9a9bd2eace9b016b4e399d802b029557d44838223498636bc58b1b3d6 | Triage

Sharing

General

Target

9320335e97cdd424812d2eca07cd65145a8ffa772102308ea39294ea2a1d7090.zip
Size

365KB
Sample

221124-rf5f2shf33
MD5

397957cd9d063b74b03a534f8e64704b
SHA1

c3d27a7567795039bac604344a9b5a9e2b4ecc94
SHA256

d39a34c9a9bd2eace9b016b4e399d802b029557d44838223498636bc58b1b3d6
SHA512

0fd79339dd6f97d27e12751fb1f9c77876fceb8b9ab2ed57e75ec4105afb389a203c71b27fe9a60603488ad9f0a8c874013cfcedd0ba001b39918e049aa2185b
SSDEEP

6144:gUarSAqu35p/7v2nhCHIZfeS95ilvIx9ECa7Ip517qWaqiNWlg:HarSSXs0HSkIULs512WaqUWq

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.alaminattires.com
Port:
587
Username:
[email protected]
Password:
@Abc.it121obd#@
Email To:
[email protected]

Targets

- Target
  
  160-4833933645027883.exe
- Size
  
  376KB
- MD5
  
  49b30367cc4e82565b22cf3299d673c0
- SHA1
  
  fc09b42732f4882bc43845aa16448db259db2820
- SHA256
  
  d254745ca2edd62c5e9d3231b3131ae065b2e1759fe9916df96e6c14af59a99e
- SHA512
  
  c1c727c156fc8933a71b0aec68bba4c9ec9f7fdfe0b106e0554c0d20f485823c2e4965ec66713e8f0f5557cc4dc8daa6bb5b2715836ac7a62e12269e626b01df
- SSDEEP
  
  6144:QBn1tG7w8exMNhxFa0L0CCEPnedspOjYj2d8xKGAZNj1a0vC3aAeFaWPT6QFa7Hm:gQDexMBA0L0AYNd8VALjIMC3aLtT6QFz
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan