agenttesla | c36aed026c86bb793c21b391773c4b48b6681551ba5b7fa4a60a988b36dde328 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d66c3ab701aca56ff9d883baa5a8dfa.bin
Size

446KB
Sample

230611-b129esha4t
MD5

957f3d4603a2281fe9ac0df109b2ea07
SHA1

1263bc3ee8445f04d78d35f0ca082cabf4a1f8fe
SHA256

c36aed026c86bb793c21b391773c4b48b6681551ba5b7fa4a60a988b36dde328
SHA512

38d7d106c5c3dfe7caffc37f48ae2bb0a0167e4d419a4ef094b542c4b1b9504df66df79979e3afb67a657f6d2cbcf7c807a7d843164d59a5d1cf37ccedd63267
SSDEEP

12288:VZUPU8JCqAjEQnYewbXfnjyxD+0uPrJDxPJnFLc:4PBCqAjEQnYeeXfnjyh+/PrJ1rQ

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sorincrop.com
Port:
587
Username:
[email protected]
Password:
blessing202321@!$%btr
Email To:
[email protected]

Targets

- Target
  
  SHIPMENT DOCS 2X20.exe
- Size
  
  836KB
- MD5
  
  4ef95506966ec368bb5fef61b734eab0
- SHA1
  
  b90a7bc656193221a4365ccd97fef88f1927d0a3
- SHA256
  
  c45219a3fd0cf51360c30b7aa0cba985ad1d28030785ab9dc5083090540409d8
- SHA512
  
  bca2b6102ab7bf54421fa7a208b952d0d15f78e9712cf779c8d30da73b9fcc64f6e01d99784f6425a1dd358b54502eff3e5b60f49def584cd3d9ac6fc3f04b3c
- SSDEEP
  
  12288:Jh78U1wr+DKIE+oBYFqdhshvZnCP+GREixvgOD:JhDT+p+IEvs3REilgG
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan