agenttesla | 106fdee9fdea0d037a3e40698a66bbae8895451adfbe717f9e9303b2c7148128 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

106fdee9fdea0d037a3e40698a66bbae8895451adfbe717f9e9303b2c7148128
Size

331KB
Sample

240213-bk994afh21
MD5

a3abf2faefda712ec94d9b8f47996247
SHA1

6a916f426b080cc49ad15d4cc4b061e456291cf0
SHA256

106fdee9fdea0d037a3e40698a66bbae8895451adfbe717f9e9303b2c7148128
SHA512

5aa480b30903f69d4eca7fc06743a5f1aee06d210cb3839829baa7f47e2fe5edb3a2e8e1aa5cad3eb2da4d8dfd299d6335472ab8260546fbb3cad62c383f5d63
SSDEEP

6144:vfL+oqWgmCMAXubUxFEGSIY1QDgRgYJ4AQwgiMZ8utaW8ArgIRI:vfLoMNwxFSIY1p+vziEaWJk

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
server1.marfinllc.shop
Port:
587
Username:
[email protected]
Password:
5qGOEJ@!$_$3

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server1.marfinllc.shop
Port:
587
Username:
[email protected]
Password:
5qGOEJ@!$_$3
Email To:
[email protected]

Targets

- Target
  
  106fdee9fdea0d037a3e40698a66bbae8895451adfbe717f9e9303b2c7148128
- Size
  
  331KB
- MD5
  
  a3abf2faefda712ec94d9b8f47996247
- SHA1
  
  6a916f426b080cc49ad15d4cc4b061e456291cf0
- SHA256
  
  106fdee9fdea0d037a3e40698a66bbae8895451adfbe717f9e9303b2c7148128
- SHA512
  
  5aa480b30903f69d4eca7fc06743a5f1aee06d210cb3839829baa7f47e2fe5edb3a2e8e1aa5cad3eb2da4d8dfd299d6335472ab8260546fbb3cad62c383f5d63
- SSDEEP
  
  6144:vfL+oqWgmCMAXubUxFEGSIY1QDgRgYJ4AQwgiMZ8utaW8ArgIRI:vfLoMNwxFSIY1p+vziEaWJk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ⠨/cvtres.exe
- Size
  
  6KB
- MD5
  
  74b9f58725963a11be59108efb2a9620
- SHA1
  
  87459af592cac5ca9ebf817e544f3db6f84f1fd2
- SHA256
  
  b93e104615376c3658caa5bf386ae9c38b287754a5c22bd8aa1c292ff9c8827c
- SHA512
  
  4f29a504479cb25ab53c688de77edf2c4dd2105895f323346fdf369e42b816f76b08c5d93b93966467f219ed0b89580ee227e00d552f374aaf8ec3c594098b85
- SSDEEP
  
  96:9dv5cvonsbfslGKn0+5j+AC1Ipafx9VSQR9TQzNt:xkbfxKn0+5jM9x9VSyy
Score

1^/10
behavioral3 behavioral4
- Target
  
  ⠨/temp.bat
- Size
  
  320KB
- MD5
  
  e617b4f4e3cfd84985341b65f093a1aa
- SHA1
  
  6c0d37989a3d2e839182b80d0f494111c9e6bcbc
- SHA256
  
  bdf92f74d05893ee9b3d80b8b471d08347bc8e6883bfd3ee7fa318ebd6acdc9e
- SHA512
  
  b591812d496969381d0f34b5ae1b8d443e8c30d531f5274fcd1517f37d6b0eca5c980bd111a001b9a9a876f91625bd6818fa5aec84a1adbf8c7a02eea3b0e22a
- SSDEEP
  
  6144:2VF+clTRAzCYkDdNook44OOw0Ee7swLFdjywDys+XSfSGFLMV+:YActRA2YGPocOie7swvf0iNLM8
Score

1^/10
behavioral5 behavioral6
- Target
  
  ⠨/temp.ps1
- Size
  
  1KB
- MD5
  
  5e817bbd9ef2f8821aa0283b20a51923
- SHA1
  
  102ca518d89653fb400636e660fa3fc276235c5c
- SHA256
  
  27f2822ca2be992ebb6e1000aa3a2c39e9b4ff7e257cb45eadda8776d65018a7
- SHA512
  
  f21388e0655e6733abc70ff9fe2bbfdca00d81d2e7a09236d679293df34a966990f689f2d62119cdd877c7aeda35ab0c2b3c66108bc6b721e5dea34a93342d2e
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8