agenttesla | b8745c6cc766aa6eee5ada198fcdfd1271ce91a03936a1f1f2d4d395052026c1 | Triage

Sharing

General

Target

b8745c6cc766aa6eee5ada198fcdfd1271ce91a03936a1f1f2d4d395052026c1
Size

1.6MB
Sample

240327-byncgshb93
MD5

8dd97a1563b059f0abaacd293946582a
SHA1

b63af72078fad78f9cc332de2bf40fc2df421894
SHA256

b8745c6cc766aa6eee5ada198fcdfd1271ce91a03936a1f1f2d4d395052026c1
SHA512

d1c2648ebed329ce129a43eeb35c0600c6a7c2bd58144c5dc1dc323794b9f9be0eed7bca66c716e403fa769928856cfc9660d1671060c51760c773b5a93b70d1
SSDEEP

24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aTlIRtd7G3Bz:uTvC/MTQYxsWR7aTl2SR

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.crediperu.pe
Port:
587
Username:
[email protected]
Password:
Jfupuy02chung
Email To:
[email protected]

Targets

- Target
  
  TRANSFERENCIA.exe
- Size
  
  1.1MB
- MD5
  
  e0c15954675c69af377b428d68e75cc5
- SHA1
  
  b06501c31d34eb48a7493e63d17b1a851499ff10
- SHA256
  
  878d5c3268d152cf35bd86af342b7ad31eb7f11e4971e8816007c8ba0ab50b48
- SHA512
  
  7d435c289f92e1c1a942203d1979c60fcc6e489fdfe2642704bff467b625e744225088bdea180ac2f3f198e5c5519363a7e11dda235c98df84226d90a76d313c
- SSDEEP
  
  24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aTlIRtd7G3Bz:ATvC/MTQYxsWR7aTl2SR
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan