agenttesla

General

Target

0254025b294133b4e71de66ad453e83f414ef6e5440f19e9017d26bc2ff2a2f1
Size

629KB
Sample

240320-cjhdcseg7v
MD5

b77e0b1deb6602a1c6029295114d91ea
SHA1

3142b6a4ae2481f9be71e7ea6f9abbedac914c08
SHA256

0254025b294133b4e71de66ad453e83f414ef6e5440f19e9017d26bc2ff2a2f1
SHA512

5bb5b5e65e386180138bfddada07c08f759d35744a8014812bc9e7585582e9568cf66dcc06b9541de13f32a403961c48071af68c82dfbf8e1f5296cd82bc6c52
SSDEEP

12288:Zz64+JKNOfpUmvA4Bjfcg5jBfnvM/VWnA1gI0ZO0:84KJf4DcvM/4n20E0

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.alff.co.za
Port:
587
Username:
[email protected]
Password:
IAMaHAYfan456!

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.alff.co.za
Port:
587
Username:
[email protected]
Password:
IAMaHAYfan456!
Email To:
[email protected]

Targets

- Target
  
  0254025b294133b4e71de66ad453e83f414ef6e5440f19e9017d26bc2ff2a2f1
- Size
  
  629KB
- MD5
  
  b77e0b1deb6602a1c6029295114d91ea
- SHA1
  
  3142b6a4ae2481f9be71e7ea6f9abbedac914c08
- SHA256
  
  0254025b294133b4e71de66ad453e83f414ef6e5440f19e9017d26bc2ff2a2f1
- SHA512
  
  5bb5b5e65e386180138bfddada07c08f759d35744a8014812bc9e7585582e9568cf66dcc06b9541de13f32a403961c48071af68c82dfbf8e1f5296cd82bc6c52
- SSDEEP
  
  12288:Zz64+JKNOfpUmvA4Bjfcg5jBfnvM/VWnA1gI0ZO0:84KJf4DcvM/4n20E0
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  b55f7f1b17c39018910c23108f929082
- SHA1
  
  1601f1cc0d0d6bcf35799b7cd15550cd01556172
- SHA256
  
  c4c6fe032f3cd8b31528d7b99661f85ee22cb78746aee98ec568431d4f5043f7
- SHA512
  
  d652f2b09396ef7b9181996c4700b25840ceaa6c1c10080a55ce3db4c25d8d85f00a21e747f9d14a3374be4cdd4ea829a18d7de9b27b13b5e304447f3e9268fa
- SSDEEP
  
  96:L7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN538:RbGgGPzxeX6D8ZyGgmkN
Score

3^/10
behavioral3 behavioral4
- Target
  
  Accompanying/Fernanda/Typebetegnelsers/Surrounder189/Vorticular.Mel
- Size
  
  57KB
- MD5
  
  3487747f000765c50b8e3084ba77ef06
- SHA1
  
  e14121380dbd69ad1b252bcde6c6f533895a6044
- SHA256
  
  a4c5f120075ff60267ff56df31ffb7f848cb5e202ea070fe310232a509d01c54
- SHA512
  
  35095544258327bc35f0c33c5ad726cdeb80bd7f08d576558fe4f945a3a62e5872efd0e27602365f47ff8cb7d81885017e12de3a8124abaafef25d337da0fc42
- SSDEEP
  
  1536:sXGzSV6xnKl5mb9MY4feSwThvyFNolAjmDACocYY:Rzki1uezFyF2tDACHYY
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6