agenttesla | ca69ae5499c657b8b383cf6351147762093ecaa876f8b7c31850b32e10dc8c89 | Triage

Sharing

General

Target

Salary-Increase-Datasheet-Deceember-2022.vbe
Size

602KB
Sample

221206-htwlmagh2w
MD5

03f14b68315fa272d3f573c265fad342
SHA1

1ab4db87eda2c6e38adf91db4769a0d35468afdf
SHA256

ca69ae5499c657b8b383cf6351147762093ecaa876f8b7c31850b32e10dc8c89
SHA512

a5e8171828dbf7074a1fedea6a6bcad1341387cc238a12411e70b4ba78d5effdd81d5e21d61971bc09cde6a0207ce5776a5e2eed5bd0e560666de076c5282a3c
SSDEEP

12288:Y4xIeYbcj1U0xh99kYjUBW9g3VneffpEb:ieJxU0N93gW9ySfpEb

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtpout.secureserver.net
Port:
587
Username:
[email protected]
Password:
somethingcute4806657158
Email To:
[email protected]

Targets

- Target
  
  Salary-Increase-Datasheet-Deceember-2022.vbe
- Size
  
  602KB
- MD5
  
  03f14b68315fa272d3f573c265fad342
- SHA1
  
  1ab4db87eda2c6e38adf91db4769a0d35468afdf
- SHA256
  
  ca69ae5499c657b8b383cf6351147762093ecaa876f8b7c31850b32e10dc8c89
- SHA512
  
  a5e8171828dbf7074a1fedea6a6bcad1341387cc238a12411e70b4ba78d5effdd81d5e21d61971bc09cde6a0207ce5776a5e2eed5bd0e560666de076c5282a3c
- SSDEEP
  
  12288:Y4xIeYbcj1U0xh99kYjUBW9g3VneffpEb:ieJxU0N93gW9ySfpEb
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2