agenttesla | 0c3e2cb8486ccdc6e64b443642f107bfd93752f4bdbc566cc2cf8643aba6f8fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db813eacc12617bc14f34bc81e147c65.bin
Size

296KB
Sample

230901-ch5ghabf4v
MD5

d22c189c83d871492dd1b69b7183cb82
SHA1

1354a35702eb9dfe77164d8bfb53d3dff3544cd9
SHA256

0c3e2cb8486ccdc6e64b443642f107bfd93752f4bdbc566cc2cf8643aba6f8fe
SHA512

6d139f35bcccc7b3860bed6c5215b556b928f611da8bd141c7b166d72ff234f9550fc5b1b82235d4329386736751ae5fc41ee6dc7070f6b6b29518cdf602d264
SSDEEP

6144:IEp+ylCEnV+Co55gJECqTTKYWB6uL0rFKHeO9Aff9hBdEkgCCNoo9:JtlCkV+oJEkYWBfrHeO9Aff/BdEkgCCj

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sirisexpress.com
Port:
587
Username:
[email protected]
Password:
SirisEmails@123
Email To:
[email protected]

Targets

- Target
  
  Invoice #290202308.exe
- Size
  
  814KB
- MD5
  
  5f748b029a17817417949dda750cf225
- SHA1
  
  7a674c9b1c0c632f83bd27091bd769ea88daf215
- SHA256
  
  b63ed1999685c3144cb61f9091b54f33fbcf657f3ea910b11e57e5cf8f1bf2c7
- SHA512
  
  b879652156e2cbf7c248bb7bae0ee8dcf477564770f45c3b634dcca2e87d29b725ff2d50b4fbc0db806a3e8b829c50cdc5349968ddb3ddfafe74b060a823ae29
- SSDEEP
  
  12288:LkTcSEZMcd4LmzBaGuIvNtbKq+LoTQ7dyiqWMRK1jFlENQ/FBev+40s:6eIubueTb0cTQJyiaK1jql
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan