agenttesla | 0cf03463ef356a3efd6df247333143b40dfdc4dd50888ac388743ea817e3b88f | Triage

Sharing

General

Target

0cf03463ef356a3efd6df247333143b40dfdc4dd50888ac388743ea817e3b88f
Size

1.3MB
Sample

240320-c6ekzsfe6z
MD5

fe11f252a14d3eda9a9fd40627a49b42
SHA1

6feb47b70a0028bcd8482b301dc1c2286ac1cda9
SHA256

0cf03463ef356a3efd6df247333143b40dfdc4dd50888ac388743ea817e3b88f
SHA512

2fc3b6ef8686fe96abbbe2f7b98177d02060e992a69662a70e842b4ece89130d3dceadb0d79bd9b7002f90eb5cad04b16a5d01b595530b575ff1c3b405bd2d7e
SSDEEP

24576:+fVE9JOwLpXSel31n20ESW9AR3lL3VIGtdoXwEhBQgAGaCKJ1wSvXhJNE8x4Dd2z:+fVE9nLpXf1yCdK4B2a

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bezzleauto.com
Port:
587
Username:
[email protected]
Password:
|[NbQj>}o^#0
Email To:
[email protected]

Targets

- Target
  
  0cf03463ef356a3efd6df247333143b40dfdc4dd50888ac388743ea817e3b88f
- Size
  
  1.3MB
- MD5
  
  fe11f252a14d3eda9a9fd40627a49b42
- SHA1
  
  6feb47b70a0028bcd8482b301dc1c2286ac1cda9
- SHA256
  
  0cf03463ef356a3efd6df247333143b40dfdc4dd50888ac388743ea817e3b88f
- SHA512
  
  2fc3b6ef8686fe96abbbe2f7b98177d02060e992a69662a70e842b4ece89130d3dceadb0d79bd9b7002f90eb5cad04b16a5d01b595530b575ff1c3b405bd2d7e
- SSDEEP
  
  24576:+fVE9JOwLpXSel31n20ESW9AR3lL3VIGtdoXwEhBQgAGaCKJ1wSvXhJNE8x4Dd2z:+fVE9nLpXf1yCdK4B2a
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2