agenttesla

Resubmissions

09/04/2024, 12:18

240409-pgkf6aaa5v 9

09/04/2024, 12:17

09/04/2024, 12:17

09/04/2024, 12:17

05/03/2024, 10:59

Sharing

Copy URL Twitter E-mail

General

Target

Purchase Order No. 4500146827.ace
Size

12KB
Sample

240305-m3djmaea78
MD5

79f1087fa365c951b508b74f864560a9
SHA1

35d8f7f4b2df9597ff678d51ccf4df7312a03c09
SHA256

78dc8a078ef70af3f4f8902a597c2d53d4e13e4a7a68bb3f286b360b916948d1
SHA512

df9ecb1ef2b203420229d35bf81634a0b960d348b05839448f8fa15e05a50aefc137e9d232a8005bd6d053ad75fd20d3034951eabf90d436e1ea99704002e943
SSDEEP

192:ENevOPwAmm9zou+ELYQd7KpPslni93QxyP/NeyWiBUNm/uV8o7ZiVOrun:ENrmmH5LndQQ43QNyWrHeo7Zisw

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.supplyvan.xyz
Port:
587
Username:
[email protected]
Password:
Ifeanyi1987@
Email To:
[email protected]

Targets

- Target
  
  Purchase Order No. 4500146827.exe
- Size
  
  25KB
- MD5
  
  cec230139ad2745a9fc15e02c6542e2d
- SHA1
  
  a32f05f294ee6ba0e713aa619f63bac3929c0bc8
- SHA256
  
  64887897dd3a2b278418cb096f83d7d1bf7ced1c118fef716bd8c6ec4fe91050
- SHA512
  
  f88ae9ea244ab2ffbba3069eaeeb9d96b3c91d840999b47eab5e2475a3f6f9aa5d21d3854480716cfd7738ad6f37a69d7f1c2b9a53b05099952322b9cc99bca8
- SSDEEP
  
  768:6YTLFV/TIo3J4bqBLW29ydo6fy+tJ1amp:6aLFVRJgu79UoK1amp
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Contacts a large (3999) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Contacts a large (3999) amount of remote hosts

Creates a large amount of network flows

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2