agenttesla | bc16d3bbd177cb05ba8951e898d56c2c1f8969274579e9f33e3b0c76b8ff9c7a | Triage

Resubmissions

22-03-2023 07:33

230322-jdt9asfe42 10

22-03-2023 07:02

230322-htsjzahc8t 10

Sharing

General

Target

SOA 9206174.zip
Size

430KB
Sample

230322-jdt9asfe42
MD5

569d86839920600f3e27d9060891b9f2
SHA1

5a515e25976db8854c866a2cf5861c4099ec9ee0
SHA256

bc16d3bbd177cb05ba8951e898d56c2c1f8969274579e9f33e3b0c76b8ff9c7a
SHA512

f3930d2806b5abb4675053c518d04f66d87eb19d44e52cce4e3ffa5b15887f90354249affa280c22b0741c4fc53911c89e09a7e989ffff102d855f9ecf3e564c
SSDEEP

12288:V9Vv0gUO0EuTICaXPc3DxK3XGbXZ0gDcVGDVHZ:V9R1Ug1X+sCp0acVIV5

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flash-tours.gr
Port:
587
Username:
[email protected]
Password:
abcdef7890!#%&(
Email To:
[email protected]

Targets

- Target
  
  SOA 9206174.exe
- Size
  
  457KB
- MD5
  
  aab0efeffaee8ccddd956b602002217d
- SHA1
  
  7e926e8ffc86deb65dfacd5c698134ca42dc78ac
- SHA256
  
  00d8ac72e19602b0978ccc378c7e2cca282573db5bbf63d792438bee8d98cb49
- SHA512
  
  968c45cae94960cf68b6263820fe44122b03270b5199c88ec7dcdc531941346a195c1c03c33c7372aa33ae02c169a432f225464e8578405d0ad4ef4b5d78c489
- SSDEEP
  
  12288:LS9gOrY+/Vtrc3x8yLcJOzgMZbYZ0OY+zVGziaAUPrC:LS95TdIKyI8zgM+0gVsPAUP
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2