agenttesla | b1c7d97a72832beb55fe59906cb3b71bb2e01eb7ba0906f018c9bda496fdaeb7 | Triage

Sharing

General

Target

BL-0631263pdf.7z
Size

757KB
Sample

230828-rq2g5sef6x
MD5

ac5e8a509a832a03fe5ed41bfebf83e4
SHA1

cd3800f0a2203a1f1f522afeb4530db809ac9db5
SHA256

b1c7d97a72832beb55fe59906cb3b71bb2e01eb7ba0906f018c9bda496fdaeb7
SHA512

997cbdfe5b4f20f094f033b619cc0e06710f70fc2b0a69b722421a54a0dc710f04f822f2e2047ffd0907be408a296232131a4ee3b5e37c7b862c409a0c09523d
SSDEEP

12288:Qm+b1wdO1swz1UfCbFbRlztsHJJ9u4OBOpiLVa2USEkgMCIUUruFoiJG1Fbcuv:Qm+bgOyQ+fChztsPk42OkLVa2kkJHUM/

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server1.sqsendy.shop
Port:
587
Username:
[email protected]
Password:
PHsVv_lSI8CB
Email To:
[email protected]

Targets

- Target
  
  BL-0631263pdf.exe
- Size
  
  1.1MB
- MD5
  
  4ca6dcca18b59df29a5cb00fafb7e2b7
- SHA1
  
  31853e1cadcbe5729388a96a0c4ccd1ed66abc97
- SHA256
  
  90c11cd417e2daaf58d0cd27512d7405f4db1eebe78b6b6fb71b1b62ecd37caf
- SHA512
  
  148c63c1939bd6ba6111b4d5583162cdd37a552e5f9355f22a00c6952f438c3544c2d56f678a70c1b98320d7cc079073b685fdf6219d73f2850f70d69d15d6af
- SSDEEP
  
  24576:XCnr+Y4XhB9hiqdys4D42OBKVG2GklHBcu+oN00+3:QaB9hSs042ZGfkFuuD/C
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan