agenttesla

General

Target

3152f0e6e99535956c707d6b5d1df5bc3084cb50940f2b13436d3badc83d3e34
Size

34KB
Sample

240311-bxnlvsgh49
MD5

ce0ef321786892ad01bf66c84496eac0
SHA1

ba3b12c728cae77faa5b2d7cc1f63c03157450ea
SHA256

3152f0e6e99535956c707d6b5d1df5bc3084cb50940f2b13436d3badc83d3e34
SHA512

9caf2995cf9acae5031fcc5614b6af23601391e4dee9f44dfa58c08f3f01254fa2fc2b7498fb44abb2017dff67e6a4731487092a4c25a6ebb901581bf61ffb24
SSDEEP

768:rG9oPnGEN5CCywH9pWR1/HffyyZyoFrFvndqXXdr:r5HNjywH9piHSyZyoFZEXZ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.marinasands.gr
Port:
587
Username:
[email protected]
Password:
;lHJ#%M!iBh-
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.marinasands.gr
Port:
587
Username:
[email protected]
Password:
;lHJ#%M!iBh-

Targets

- Target
  
  3152f0e6e99535956c707d6b5d1df5bc3084cb50940f2b13436d3badc83d3e34
- Size
  
  34KB
- MD5
  
  ce0ef321786892ad01bf66c84496eac0
- SHA1
  
  ba3b12c728cae77faa5b2d7cc1f63c03157450ea
- SHA256
  
  3152f0e6e99535956c707d6b5d1df5bc3084cb50940f2b13436d3badc83d3e34
- SHA512
  
  9caf2995cf9acae5031fcc5614b6af23601391e4dee9f44dfa58c08f3f01254fa2fc2b7498fb44abb2017dff67e6a4731487092a4c25a6ebb901581bf61ffb24
- SSDEEP
  
  768:rG9oPnGEN5CCywH9pWR1/HffyyZyoFrFvndqXXdr:r5HNjywH9piHSyZyoFZEXZ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Contacts a large (4314) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Network Service Discovery

2

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Contacts a large (4314) amount of remote hosts

Creates a large amount of network flows

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2