agenttesla | 71e7dfba6cd94d1be1096f5d2ac0938c3bc4bedbe649f422eef44f9821f170ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.CrypterX-gen.16916.25752
Size

1.2MB
Sample

230827-3nc8baff91
MD5

5313d6e64482c697ea11c93b462cfc06
SHA1

335505545c66a20f80729d9770c140d5e6a6fd6a
SHA256

71e7dfba6cd94d1be1096f5d2ac0938c3bc4bedbe649f422eef44f9821f170ab
SHA512

867776fe06c6496f30bcc2c797983376dbbdb7fa20aca48495844cfe43f873e45de581e7ef3f1d49f7f819bece3b9405edbd56d910a7da6c8ff6d0ceba2a0fa3
SSDEEP

24576:uHSddjJjiX96ehkq0/7Ac5KVMUvfGYbL4OuQdTKIAEThXU:J0VXfGYbEudRRT6

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.exceltruea.com
Port:
587
Username:
[email protected]
Password:
innocentchinedu
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.CrypterX-gen.16916.25752
- Size
  
  1.2MB
- MD5
  
  5313d6e64482c697ea11c93b462cfc06
- SHA1
  
  335505545c66a20f80729d9770c140d5e6a6fd6a
- SHA256
  
  71e7dfba6cd94d1be1096f5d2ac0938c3bc4bedbe649f422eef44f9821f170ab
- SHA512
  
  867776fe06c6496f30bcc2c797983376dbbdb7fa20aca48495844cfe43f873e45de581e7ef3f1d49f7f819bece3b9405edbd56d910a7da6c8ff6d0ceba2a0fa3
- SSDEEP
  
  24576:uHSddjJjiX96ehkq0/7Ac5KVMUvfGYbL4OuQdTKIAEThXU:J0VXfGYbEudRRT6
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan