agenttesla | 49d4472a338ca137c33aeed9eb7fc2a61ec2e095c059bb9f777358e900e4037e | Triage

Sharing

General

Target

Neworder.exe
Size

153KB
Sample

230816-xgxeqafa7s
MD5

8b935374810ea4a031bdff93abc5e367
SHA1

352c96b1fc842431f2fc0367ea84a3c4cca08ef7
SHA256

49d4472a338ca137c33aeed9eb7fc2a61ec2e095c059bb9f777358e900e4037e
SHA512

4d82e6e733a46aeffc4b0ba060aecfc739debae97da47496de5d70f26ec53dbd8c60cc4ea1fc5f2dac4aef95699489b92e28417e8d0d69b039c35ab042dc3008
SSDEEP

3072:67p1+JUW8z7XYCPL/+xqlNEC+0ASrZqCwbPsRTO/8EfhAP8tB:6117W8XDT/+xWNEh0VMbDAE

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
28#75@ts76&&p!!@@
Email To:
[email protected]

Targets

- Target
  
  Neworder.exe
- Size
  
  153KB
- MD5
  
  8b935374810ea4a031bdff93abc5e367
- SHA1
  
  352c96b1fc842431f2fc0367ea84a3c4cca08ef7
- SHA256
  
  49d4472a338ca137c33aeed9eb7fc2a61ec2e095c059bb9f777358e900e4037e
- SHA512
  
  4d82e6e733a46aeffc4b0ba060aecfc739debae97da47496de5d70f26ec53dbd8c60cc4ea1fc5f2dac4aef95699489b92e28417e8d0d69b039c35ab042dc3008
- SSDEEP
  
  3072:67p1+JUW8z7XYCPL/+xqlNEC+0ASrZqCwbPsRTO/8EfhAP8tB:6117W8XDT/+xWNEh0VMbDAE
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan