agenttesla | 4d698f4799b7a7fee3105c9d3c1e47fbb0f0d565e547216a52187c5a3438fb15 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee17020f12968548b24f4c5f162a767a.bin
Size

715KB
Sample

240110-d7mhnadahl
MD5

03f99b49c660c1d862a36942b8628181
SHA1

1ba5aa9a37a8e9e7c83e85ba8ee1891b3690d36f
SHA256

4d698f4799b7a7fee3105c9d3c1e47fbb0f0d565e547216a52187c5a3438fb15
SHA512

167a468be56b73b59274c5e8f0bfa151176ea88328779df30f593e612c33830667e3896275f3f0b36e5e13e10ee6d9825fc5ba375c7ad7c37381dc07e1d9aff7
SSDEEP

12288:UbdralEMNhoYll60iIOJLkoPH9qFZgriOtTxrMIMf/8LKJWUpyx:0mlEMNCgEJJL5qgGMTxQD8qM

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Targets

- Target
  
  cdc07215534b2a013cc2ab666d9a37eaebf478aa389489416159fd7034c2670d.exe
- Size
  
  914KB
- MD5
  
  ee17020f12968548b24f4c5f162a767a
- SHA1
  
  17ffb97a8d5982952fa36950ded78e980acd37be
- SHA256
  
  cdc07215534b2a013cc2ab666d9a37eaebf478aa389489416159fd7034c2670d
- SHA512
  
  d99cbcbe2ad0c00a2a393c99f6d607973a7a2bde7e89f8e79a13c0c2b8e8e114d8824846a0de5e46e27c436384357dbcfd3c9b50f63b84983b60c9f425b104d0
- SSDEEP
  
  24576:ushkAkeX3B5sr0mFZESjjNrlGWhDyaLzK7:u2LHHjsIkOShlLDyMzK7
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan