agenttesla | 8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d | Triage

Sharing

General

Target

8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
Size

628KB
Sample

240327-be46wsge46
MD5

be47912c008ba24aff05b08991969bd2
SHA1

84c34e11098deba6d51da5b2e03a1813c9e44514
SHA256

8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
SHA512

cc64809c9a235de8d15ee72a86706c8f14bba216eb298557efe4bc38b84ea5e8cadd7c3d999676805de3afd4aae81bd22773e2193fc7ee8d091f490d03a4af69
SSDEEP

12288:tI/PuD+HOGk9Hg+WObVUWJtY4bac8pnY1Ypa+rUoC3zu:Yy+Hi9HzWObVDJtYnpn3ou

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.gosportz.in
Port:
587
Username:
[email protected]
Password:
Ss@gosportz
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.gosportz.in
Port:
587
Username:
[email protected]
Password:
Ss@gosportz

Targets

- Target
  
  8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
- Size
  
  628KB
- MD5
  
  be47912c008ba24aff05b08991969bd2
- SHA1
  
  84c34e11098deba6d51da5b2e03a1813c9e44514
- SHA256
  
  8af5b6dc94c7b1a2752aac8dba3c000cc6d889507ee09e5e52f948430195282d
- SHA512
  
  cc64809c9a235de8d15ee72a86706c8f14bba216eb298557efe4bc38b84ea5e8cadd7c3d999676805de3afd4aae81bd22773e2193fc7ee8d091f490d03a4af69
- SSDEEP
  
  12288:tI/PuD+HOGk9Hg+WObVUWJtY4bac8pnY1Ypa+rUoC3zu:Yy+Hi9HzWObVDJtYnpn3ou
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan