agenttesla | dfec19b2418939555f65e61d31c45c4714605150b83315c6adb735567f3b4d36 | Triage

Sharing

General

Target

FRAIR00113735.pdf.exe
Size

1.1MB
Sample

231013-d1mvvaed44
MD5

82512c1c3a19270d6793a28975e35ef2
SHA1

014c1d471715f389c3456c2b6c3fb70fe73efd35
SHA256

dfec19b2418939555f65e61d31c45c4714605150b83315c6adb735567f3b4d36
SHA512

c580647640921aa2d32570668e2f3dd51a64765696ee612be326962a4bfc899975294514bd84bf912bbcd7762731c5d013bdd47de4eea53148f10beea3222c0f
SSDEEP

12288:FDoS9IMVPrEAuyxMBFVjjjkbPVA3mGLqjkzVucZ9f/2FvQk5c/HZVUH4Y/:SyHuyxmFVg5A3mG+I5ucZlQo1P/9U

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.frontierfulfillment.com.my
Port:
587
Username:
[email protected]
Password:
5_8B6kjVm
Email To:
[email protected]

Targets

- Target
  
  FRAIR00113735.pdf.exe
- Size
  
  1.1MB
- MD5
  
  82512c1c3a19270d6793a28975e35ef2
- SHA1
  
  014c1d471715f389c3456c2b6c3fb70fe73efd35
- SHA256
  
  dfec19b2418939555f65e61d31c45c4714605150b83315c6adb735567f3b4d36
- SHA512
  
  c580647640921aa2d32570668e2f3dd51a64765696ee612be326962a4bfc899975294514bd84bf912bbcd7762731c5d013bdd47de4eea53148f10beea3222c0f
- SSDEEP
  
  12288:FDoS9IMVPrEAuyxMBFVjjjkbPVA3mGLqjkzVucZ9f/2FvQk5c/HZVUH4Y/:SyHuyxmFVg5A3mG+I5ucZlQo1P/9U
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2