agenttesla | 8e6808c69a2fb86f9f42bc709e754205fe9fe1310442335909fb2f70ab8ec366 | Triage

Resubmissions

21/04/2024, 02:50

240421-dbn2lshb25 10

21/04/2024, 02:03

240421-cgy84agc42 10

Sharing

Copy URL Twitter E-mail

General

Target

fc9c091daa95c1cab2b0fe8f5d355a71.bin
Size

637KB
Sample

240421-dbn2lshb25
MD5

569e1a5be94c5691aafa81892955ef98
SHA1

56047a1d56a95bef181e4cc73785d8213e123ece
SHA256

8e6808c69a2fb86f9f42bc709e754205fe9fe1310442335909fb2f70ab8ec366
SHA512

aa4843433e78cb091a232d511fa64d9847fac5c78091d3f77407ff5b2ccf250a992fc4f35dcaee5243d4f6dd6f617d0f77f6b38d3916cf7b2d80eb5eb89a2fec
SSDEEP

12288:Mrd2ECTocI+CVcW2H+xpx17c2TWLXkyDk2Yq/ck7kK0q:SdrKlCeW24v5cTVDkJq/JA9q

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jmfresh.sg
Port:
587
Username:
[email protected]
Password:
[email protected]
Email To:
[email protected]

Targets

- Target
  
  fc83bfec2d58dfb71be0fec0c02f69996c5349845dd39c8048b520696003e1fc.exe
- Size
  
  1.1MB
- MD5
  
  fc9c091daa95c1cab2b0fe8f5d355a71
- SHA1
  
  b8162cfcf19d65735dadc64a928e755de6515141
- SHA256
  
  fc83bfec2d58dfb71be0fec0c02f69996c5349845dd39c8048b520696003e1fc
- SHA512
  
  692bc80b2f5c444d451a87c7c4f56945c15f8ab693ccb074d415d17d89001c333ae0b4f76f1829be60643c826e54ad0613b08fa561b824f6cfa8fef77b0f8d82
- SSDEEP
  
  24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8a9sRjvV:GTvC/MTQYxsWR7a98jv
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan