agenttesla | 647a52579fa8b279c084cc84507a5d1c68c6b17bcbe97de2b8d4594a3e27c16b | Triage

Sharing

General

Target

c897ee21909bcb1413b6e20477717dbc_JaffaCakes118
Size

666KB
Sample

240405-c66pgaah24
MD5

c897ee21909bcb1413b6e20477717dbc
SHA1

7a53704b3e995d565ceab1054b470ad64e9cc4b0
SHA256

647a52579fa8b279c084cc84507a5d1c68c6b17bcbe97de2b8d4594a3e27c16b
SHA512

edb9d2db6d245aa88fac06404346ae7fe161339a57cdfcf34f38b6813179f6913539a29c1da7d37cc711f9477d81d6e99de0fc00287e4b8477698a1c90b204ab
SSDEEP

12288:jjinLaCsWHJl6Ipy4TTicNcrwiQ39EoJFQ3F7N/6zkwL6mCjuPoiBR:jj6zVTbNVtDQ7N/6zYuwAR

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.citechco.net
Port:
587
Username:
[email protected]
Password:
Webana@321#

Targets

- Target
  
  SOA.exe
- Size
  
  512KB
- MD5
  
  5fbde32f923edf89d89dcab60b07fd86
- SHA1
  
  dfdd545ca3b31bf3d74bfa1598ffb2bbac987dd0
- SHA256
  
  e6b35b0c81fbe9a13602d49d28b382c697263672a937486910073fcb54e3b1b0
- SHA512
  
  45cdf0fce3f266355530157a3b61d6855810be83ac455be456a57bc3b8a2ddc684fd3862c3ba7ee82ffc34bed004b779060b21905e4386c5fa3ecf631e38a9e6
- SSDEEP
  
  12288:mySBeyYq6YFBpaIq8kA6UItMjk/l8tIR:wBdYZYFBvJkA6HIMD
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  attachment-2
- Size
  
  101KB
- MD5
  
  dcb89f3660b9a7305495f1ea42e89fb0
- SHA1
  
  daf65f0490af6a6071359db80a0ec93589e527c4
- SHA256
  
  e2da2376f47acb3ec99e8f0e63884ea0959fb837c6c216cacceae57a5ec50766
- SHA512
  
  43559b526c805280579a11e629583ff674031177290a19d76b9117cfbd6b2fdcbe9c36247c05fea48dd7b7f49c786d0a1bc4dedd7764207110d392db1afd0b8d
- SSDEEP
  
  1536:8IQn2jSupcFJVdgdmSB38zNF1bR8ZtOYIIHiW+XyPyJSkb6MR2Sy:8WjSupQJm3m98Z7JPyMkb6MsSy
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral3

behavioral4