agenttesla | c9391020e00e26ae0242e2bce06f6def9c04bbaa3b898d36c6e7772726a60de3 | Triage

Sharing

General

Target

NEAS.c9391020e00e26ae0242e2bce06f6def9c04bbaa3b898d36c6e7772726a60de3.exe
Size

253KB
Sample

231111-m3cmbseh72
MD5

684218d826981df4a3ed247663a1c726
SHA1

5aa6a53b3f6573d2da604347b0b5c16dfc9db892
SHA256

c9391020e00e26ae0242e2bce06f6def9c04bbaa3b898d36c6e7772726a60de3
SHA512

9159e62e8289140834cf84586d02b21178b40929d5a08fc6bc6eaac7a7152607b59243f7b2aefa179908ae527a1b5c3e17593b67e5c392264607dd457afcc509
SSDEEP

3072:FOiTYp32ujX2MIfAJq8EfBdlx0uymOARPSXPftqq7IdsRYbMet7llE9cAjAO3Jvx:tgw8sdlx0AgXHtfnRYQeFla9cAj5vUuB

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server1.sqsendy.shop
Port:
587
Username:
[email protected]
Password:
{f];qthoiBBW
Email To:
[email protected]

Targets

- Target
  
  NEAS.c9391020e00e26ae0242e2bce06f6def9c04bbaa3b898d36c6e7772726a60de3.exe
- Size
  
  253KB
- MD5
  
  684218d826981df4a3ed247663a1c726
- SHA1
  
  5aa6a53b3f6573d2da604347b0b5c16dfc9db892
- SHA256
  
  c9391020e00e26ae0242e2bce06f6def9c04bbaa3b898d36c6e7772726a60de3
- SHA512
  
  9159e62e8289140834cf84586d02b21178b40929d5a08fc6bc6eaac7a7152607b59243f7b2aefa179908ae527a1b5c3e17593b67e5c392264607dd457afcc509
- SSDEEP
  
  3072:FOiTYp32ujX2MIfAJq8EfBdlx0uymOARPSXPftqq7IdsRYbMet7llE9cAjAO3Jvx:tgw8sdlx0AgXHtfnRYQeFla9cAj5vUuB
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan