agenttesla | 980bdbac9ae7d494daaf5e30e23656e81fbff319223f766d8c4ae65412d4d03b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

980bdbac9ae7d494daaf5e30e.exe
Size

864KB
Sample

230709-ndsspade3v
MD5

a9aae7866cef9615e98f3bdc0108f9d5
SHA1

2677f5ada5cf82c1c671690e7203f447a5f8fce6
SHA256

980bdbac9ae7d494daaf5e30e23656e81fbff319223f766d8c4ae65412d4d03b
SHA512

dddcbfec3e14066e7497078d0c42e5388c6cdbb3a20b1e307436aa6c218217e4800727abb9bdaf3e6e58c276b324f80dbb432e95bac0bad44caa5509ddafd892
SSDEEP

12288:vMLw3Zhl9gpUUre0FLP/cnwXwbqxqUya/qf4h5N0mX/xS:ECz6u8x/bpxqUya/tlX

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sh003.webhostbox.net
Port:
587
Username:
[email protected]
Password:
bl e ss ing 2 0 2 3
Email To:
[email protected]

Targets

- Target
  
  980bdbac9ae7d494daaf5e30e.exe
- Size
  
  864KB
- MD5
  
  a9aae7866cef9615e98f3bdc0108f9d5
- SHA1
  
  2677f5ada5cf82c1c671690e7203f447a5f8fce6
- SHA256
  
  980bdbac9ae7d494daaf5e30e23656e81fbff319223f766d8c4ae65412d4d03b
- SHA512
  
  dddcbfec3e14066e7497078d0c42e5388c6cdbb3a20b1e307436aa6c218217e4800727abb9bdaf3e6e58c276b324f80dbb432e95bac0bad44caa5509ddafd892
- SSDEEP
  
  12288:vMLw3Zhl9gpUUre0FLP/cnwXwbqxqUya/qf4h5N0mX/xS:ECz6u8x/bpxqUya/tlX
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan