agenttesla | 365e28eadb6dc0dadb3668971537a4f14344caf1573f9e88eac921a944c5bc56 | Triage

Sharing

General

Target

365e28eadb6dc0dadb3668971537a4f14344caf1573f9e88eac921a944c5bc56
Size

940KB
Sample

231031-rvpzxaaa9v
MD5

432856de9bad043ad444a66ddc630089
SHA1

c24ce55a25f3b369a85f507211219f0216ab3a16
SHA256

365e28eadb6dc0dadb3668971537a4f14344caf1573f9e88eac921a944c5bc56
SHA512

67b0ff32ad6127c4b06eeb8d35b0699cab60dcafbedbf0ede185fe0badedce05d3a18d3d4d37eb6c0612a600ff571382ce4e166792b4bec83e62f961da2cd007
SSDEEP

24576:aTbBv5rUT1Cw3KW7OBCBkjUZfpaOKUSdQYvD5:sB/tsBkchKzPv9

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mymobileorder.com
Port:
587
Username:
[email protected]
Password:
Grace@2023@121
Email To:
[email protected]

Targets

- Target
  
  365e28eadb6dc0dadb3668971537a4f14344caf1573f9e88eac921a944c5bc56
- Size
  
  940KB
- MD5
  
  432856de9bad043ad444a66ddc630089
- SHA1
  
  c24ce55a25f3b369a85f507211219f0216ab3a16
- SHA256
  
  365e28eadb6dc0dadb3668971537a4f14344caf1573f9e88eac921a944c5bc56
- SHA512
  
  67b0ff32ad6127c4b06eeb8d35b0699cab60dcafbedbf0ede185fe0badedce05d3a18d3d4d37eb6c0612a600ff571382ce4e166792b4bec83e62f961da2cd007
- SSDEEP
  
  24576:aTbBv5rUT1Cw3KW7OBCBkjUZfpaOKUSdQYvD5:sB/tsBkchKzPv9
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan