agenttesla

General

Target

027545e09f397707e98abf5c192c35e5b01a51a74edc2070b9f950140b5c3ef2
Size

555KB
Sample

240329-bzkyraef32
MD5

99b3c84d119b8d3173aa52f40871a090
SHA1

029c6d4d7f5509bed4fe65e2ee961c058d896a61
SHA256

027545e09f397707e98abf5c192c35e5b01a51a74edc2070b9f950140b5c3ef2
SHA512

f7e1bd7e12d6e34deb0c40bd4bdc4b69c6fc7d43feb8671212eb8ac588a3d1e26922be5edb7d28997b088f5e3bbea72b61e98cb160c7288f18e0b1ae10302448
SSDEEP

12288:ZCcSi/icxi33VLqAdQqW8sHPS9ojrO+HTG07rS:ZoiKainVPdQBSuGyG0K

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.legodimo.co.za
Port:
587
Username:
[email protected]
Password:
IFfo%142#

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.legodimo.co.za
Port:
587
Username:
[email protected]
Password:
IFfo%142#
Email To:
[email protected]

Targets

- Target
  
  027545e09f397707e98abf5c192c35e5b01a51a74edc2070b9f950140b5c3ef2
- Size
  
  555KB
- MD5
  
  99b3c84d119b8d3173aa52f40871a090
- SHA1
  
  029c6d4d7f5509bed4fe65e2ee961c058d896a61
- SHA256
  
  027545e09f397707e98abf5c192c35e5b01a51a74edc2070b9f950140b5c3ef2
- SHA512
  
  f7e1bd7e12d6e34deb0c40bd4bdc4b69c6fc7d43feb8671212eb8ac588a3d1e26922be5edb7d28997b088f5e3bbea72b61e98cb160c7288f18e0b1ae10302448
- SSDEEP
  
  12288:ZCcSi/icxi33VLqAdQqW8sHPS9ojrO+HTG07rS:ZoiKainVPdQBSuGyG0K
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  51e63a9c5d6d230ef1c421b2eccd45dc
- SHA1
  
  c499cdad5c613d71ed3f7e93360f1bbc5748c45d
- SHA256
  
  cd8496a3802378391ec425dec424a14f5d30e242f192ec4eb022d767f9a2480f
- SHA512
  
  c23d713c3c834b3397c2a199490aed28f28d21f5781205c24df5e1e32365985c8a55be58f06979df09222740ffa51f4da764ebc3d912cd0c9d56ab6a33cab522
- SSDEEP
  
  96:W7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:Iygp3FcHi0xhYMR8dMqJVgN
Score

3^/10
behavioral3 behavioral4
- Target
  
  Overstretch/Automobilfirmaers/Natchezan/Outreckon.Sty
- Size
  
  55KB
- MD5
  
  85bee3407dc99a55d809e31f5b8822f3
- SHA1
  
  898e5873998c61dc48e6a01e43ba667f9a70f571
- SHA256
  
  2afd7f567beb13e65577a1d2ee4d6a161c4a1b01cb154c7129846d7ed74ad0c0
- SHA512
  
  06140520fedab28d7a982dc0d1563aed53b59a943131ed58cff405620c412e63f9dd7019661677bd562bd8813a09613b0e1f44752b983e953eef891af4941587
- SSDEEP
  
  1536:z9Ie8eKpSG2o84eXnjC0TcpW+acHuDuqSTd+1:zee8Bv87DcTuSqX1
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6