agenttesla

General

Target

6bdd376a0f05f39fb60037fb1add006f9794805981d5aa3295551407bbf33bcb.exe
Size

51KB
Sample

240212-fce67sah5w
MD5

cdea1ac7d7c1be95bd43ccbe4b9f0c94
SHA1

e2d0182c27dd07629e7a2d647241e548c6ceaa2f
SHA256

6bdd376a0f05f39fb60037fb1add006f9794805981d5aa3295551407bbf33bcb
SHA512

b20be933d7a2595d927e803d0d4dc094770b0bf0edbf71b083bdb34e8a05fb9e24ae3951a73f3f8c732c724872625736fc0d307f922d5c90fe867a85b6c78bc2
SSDEEP

768:eLjmX0yEkLNeG5VoYrb6Vz0bjZ/o+CUhdhaj2DF5gcJEJYXfC5/PeBoume6Gbv4t:Ybyn91aEF5jVIHi3CrAbhi7KUtBHZ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rimiapparelsltd.com
Port:
587
Username:
[email protected]
Password:
Everest10@
Email To:
[email protected]

Targets

- Target
  
  6bdd376a0f05f39fb60037fb1add006f9794805981d5aa3295551407bbf33bcb.exe
- Size
  
  51KB
- MD5
  
  cdea1ac7d7c1be95bd43ccbe4b9f0c94
- SHA1
  
  e2d0182c27dd07629e7a2d647241e548c6ceaa2f
- SHA256
  
  6bdd376a0f05f39fb60037fb1add006f9794805981d5aa3295551407bbf33bcb
- SHA512
  
  b20be933d7a2595d927e803d0d4dc094770b0bf0edbf71b083bdb34e8a05fb9e24ae3951a73f3f8c732c724872625736fc0d307f922d5c90fe867a85b6c78bc2
- SSDEEP
  
  768:eLjmX0yEkLNeG5VoYrb6Vz0bjZ/o+CUhdhaj2DF5gcJEJYXfC5/PeBoume6Gbv4t:Ybyn91aEF5jVIHi3CrAbhi7KUtBHZ
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
- Detects executables containing artifacts associated with disabling Widnows Defender
- Detects executables embedding command execution via IExecuteCommand COM object
- Detects executables potentially checking for WinJail sandbox window
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF

Detects executables containing artifacts associated with disabling Widnows Defender

Detects executables embedding command execution via IExecuteCommand COM object

Detects executables potentially checking for WinJail sandbox window

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2