agenttesla | 38297bcab5d848b46c8b22af3388a01a9267d012f0183f91307c323cf6c983df | Triage

Sharing

General

Target

RFQ 6000066536 - PR 10023150.rar
Size

127KB
Sample

230829-gbdgnaad26
MD5

d67c11bd9784c1d7e98b8da6d8fe86de
SHA1

f00391ca7740a8435146dddc86bdc8c5f71ed8bb
SHA256

38297bcab5d848b46c8b22af3388a01a9267d012f0183f91307c323cf6c983df
SHA512

ba4700c96cd8f7a08c1677fd330b460e269cb80dddf0586b089d68aab57991aee868e2871da54bad07a342abab15f30ef1a0c5cbc34901cd3cdf96d41bde2677
SSDEEP

3072:KLEQtlhmmD55uIdo1vNfF8g+JCz1llwBrq2cKIWOmaD1mu:kxPv7dyvZKCz1llw5q2cDmOj

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tandaauk.com
Port:
587
Username:
[email protected]
Password:
goodfree@@
Email To:
[email protected]

Targets

- Target
  
  RFQ 6000066536 - PR 10023150.exe
- Size
  
  293KB
- MD5
  
  c07dcacf891f050de64a473f24de09cc
- SHA1
  
  44c85573c7de6ae59fabc6e74aa858db35bfba74
- SHA256
  
  1848ae732a316881124c9a7e3e1c29c308d78706f2159b79e125fe919f3d80b9
- SHA512
  
  4270727e1a92df5d71b40a7031ab0e37a0524f30699bcf2a3d23357ffca657f433f8b69dd6b3d944e1ee267944f28a5d6f237d8ec00980069e60aa21e0472f11
- SSDEEP
  
  6144:vZla6Ee3o9u8/kjEHlo0AfYj+QU4s9ck1+9WpTU03oRknTjzRn2XlNq/TiwTzRc:vfa6Ee4pGEFo0mYj+Nd+9WpoR
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan