agenttesla | 31c78ac3b25d1abf7932ca71a93ca368e5f9116b7ed2874cef40655ebc09783d | Triage

Sharing

General

Target

31c78ac3b25d1abf7932ca71a93ca368e5f9116b7ed2874cef40655ebc09783d_JC.zip
Size

350KB
Sample

230831-yntsvahg91
MD5

c8cf984910c46c90d29e0f64ec1f61eb
SHA1

e58c5b24a37e0fadef967f1f592e6f316f351666
SHA256

31c78ac3b25d1abf7932ca71a93ca368e5f9116b7ed2874cef40655ebc09783d
SHA512

297b045de95dbc4d70b8fe7f54917cab70190fb01a4fa0692571582756444fb6e2b2e4a9677d0920d73ced475d11e8957032c1a0341ac00bd1a947fa4f882320
SSDEEP

6144:EWIm1j+JCL+UBVB98fM7JNaGRsGytwcn3YJ+ia8FQBmd/9lREtpl:jIm8c+UlGCJNRsGyG83J8FQsdVlmtpl

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sirisexpress.com
Port:
587
Username:
[email protected]
Password:
SirisEmails@123
Email To:
[email protected]

Targets

- Target
  
  AJG2023031161.exe
- Size
  
  852KB
- MD5
  
  6cc6924c78fdcb06383af80e97539df9
- SHA1
  
  7418239bc287b32a2243bbad661aecd75f7176c9
- SHA256
  
  229409f294f2a7102935d415228ff716f06746e313c4d058821a0397518213ad
- SHA512
  
  21b5324a83bbb8904ba43e292d7bfccfb16a059ee9d140614cd6ce397d93b0755b775477056ff7611ebe032fa3024f0577e52a8512d5566329bd9ccc7e8278f1
- SSDEEP
  
  12288:BB5KrzwXNvOQlR7RHdhjmC/MVKKGameOrrqTxlaTKnHXlVXQi:BOrsXNmyR7R9Fmx8ameO6BHXlJQi
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan