agenttesla | 25093e6d7e4a3a4132d91a2bc489446cdbab96d66a27614524e0d7722d16a770 | Triage

Sharing

General

Target

PI.rar
Size

765KB
Sample

230328-v1trtsdh3s
MD5

e2c4b9c6a90e9d93775706a91391021a
SHA1

20d221372b3d31448109a15da1dc4112d1bc49b2
SHA256

25093e6d7e4a3a4132d91a2bc489446cdbab96d66a27614524e0d7722d16a770
SHA512

52bf5792de7455beb60c7132768bbb2b317b793bf74959cbf20d31cbe3f036cc085eb8fcbeb91de4a09f5402eaf8c5158a989957ee55ae472259b0b41071f2ba
SSDEEP

12288:5F1Rzo4AVv+xaD3RMUtUazUnTO4qGA9FzhsR85FwTzNwSenRn8tKDfBuHdm8F:c4AVGxM3sSUjqGOFzmyg/SSaFBzBuHd3

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rapidcheckng.com
Port:
587
Username:
rapidcheck@rapidcheckng.com
Password:
@Rapidcheckng#
Email To:
ebukafale2@gmail.com

Targets

- Target
  
  PI.exe
- Size
  
  907KB
- MD5
  
  d9e811c5106c17f981dbd332430be485
- SHA1
  
  7a2e5eb9581a3c624c4557c98704231ef05e2b6a
- SHA256
  
  b2ce7ceab077d4acc80f9af0b23024ded5c8c52512ba8e5165fe7319cd4a5f6c
- SHA512
  
  c3660e432f870cbc0b0abdfbb20291541bdb24fcb3ea0ca1a9528594523f02a6a17fdf0f027dbf0dfda037004945ea55175dbf97a39472dda0922133f1048b74
- SSDEEP
  
  12288:UmCXKdJVZz5dacFOqX+xo+cp9iyRPxQGsGzIsy3UdixuI7rso7suKHHo2oocDlic:UmrVZ9Ua5/pkuxQxGYHuI7rsssXHsB
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan