agenttesla | a96ec11040b2e20d39e3a0fd96de1932b1ba042ce2d08a39811d9011ce55409c | Triage

Sharing

General

Target

gSiVHtIBk021Ayu.exe
Size

687KB
Sample

231205-v288xadc4z
MD5

02a5859efad4d8d57afed4ea7887337f
SHA1

15fee5776de725d618dbbc55bbae9aa8e899b49b
SHA256

a96ec11040b2e20d39e3a0fd96de1932b1ba042ce2d08a39811d9011ce55409c
SHA512

d556f7796aa1a85cf7b7354b7460c0992212969ae02757fd07c5186256939417d1fb209e676d841f61442a9fd6ce4b3df327acaec4857faabef08ebb6b7a9198
SSDEEP

12288:6ccopox4qqR+s43z2CX/0Gp/74gjN7LHITdojjj3yeTtpRIboAV4:Me5c2yp/74ENoBylRJAV4

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.integrasolusindo.co.id
Port:
587
Username:
[email protected]
Password:
QJIKJNR6N0VS
Email To:
[email protected]

Targets

- Target
  
  gSiVHtIBk021Ayu.exe
- Size
  
  687KB
- MD5
  
  02a5859efad4d8d57afed4ea7887337f
- SHA1
  
  15fee5776de725d618dbbc55bbae9aa8e899b49b
- SHA256
  
  a96ec11040b2e20d39e3a0fd96de1932b1ba042ce2d08a39811d9011ce55409c
- SHA512
  
  d556f7796aa1a85cf7b7354b7460c0992212969ae02757fd07c5186256939417d1fb209e676d841f61442a9fd6ce4b3df327acaec4857faabef08ebb6b7a9198
- SSDEEP
  
  12288:6ccopox4qqR+s43z2CX/0Gp/74gjN7LHITdojjj3yeTtpRIboAV4:Me5c2yp/74ENoBylRJAV4
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan