agenttesla

General

Target

ΑΕΡΟΠΟΡΙΚΗ ΕΞΑΓΩΓΗ ΓΙΑ ΟΥΚΡΑΝΙΑ.PDF.gz
Size

669KB
Sample

240405-pcc7aabe8t
MD5

e05d8c572c8f93d6f208f2ce14f6ef87
SHA1

179c397f765461ffb12abb91c0335592427ed5dc
SHA256

73599936653d9327d6353a3d93d3db43f4c5a38e33f861f781f95f683eba02a1
SHA512

dedc7b019e5430e44b791fc846f2558f13be45af47841e23093bb990f4d0288788acc0fb6f09fa373177640eeacb7c7290ac77a8639e9c782fbb3538af3559a6
SSDEEP

12288:Z+Q57+mTQKeJX5dOpp7/DTNLIU73roQQ7bq5t/IRhDeEI:l57+mobWZlIuox3q7/I9I

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
nl9.nlkoddos.com
Port:
587
Username:
[email protected]
Password:
Myname321@
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
nl9.nlkoddos.com
Port:
587
Username:
[email protected]
Password:
Myname321@

Targets

- Target
  
  __________ ___GOG_ G__ ________.PDF.exe
- Size
  
  716KB
- MD5
  
  e3d5399a365adbe04a405e405c54f4aa
- SHA1
  
  73885090bd1f680f2b9fc1b2641838f7d171e595
- SHA256
  
  bd7f924e17174165e42ee077f973be26f07c6653ff33951ff9c53fb7cc833bae
- SHA512
  
  77190ad1e7cd6c5f577214d69350a9b38c88260d743c27eacdaf4f72af54f9ee1f4c9c65649d125f46c034d6b84c0f694a6019bd283a220fabaf312d97f4bb70
- SSDEEP
  
  12288:/pndsbu0jTgll7ORn7rDpTLyAJfrCQIdZaLtxKVQWFH0h0Q8kR:KdTgXWd3yCCZnapxKlV0h0QL
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4