agenttesla | 8967ba06a9ea11aa7b7323e7e830ce0d11202e64b4724f3589510400b3dcd36d | Triage

Sharing

General

Target

8967ba06a9ea11aa7b7323e7e830ce0d11202e64b4724f3589510400b3dcd36d
Size

1.3MB
Sample

240425-bsl78sch7v
MD5

92c6ada9749cb0960e77dcc87b89c134
SHA1

eb00fc0f7e11615dfb5ef3b59873a0b108f5b29f
SHA256

8967ba06a9ea11aa7b7323e7e830ce0d11202e64b4724f3589510400b3dcd36d
SHA512

c2e9b0bc0894c4af4534e6b3f31375a36a1ac1997fbc67bc7a05625ed134998851959c4ac8059a930b521890a84a0e711df7cdb7e5c59dc5eff8107322542e3d
SSDEEP

12288:0hF2iNG8txwymWPYGk1N7HllNsVuLBPbU6gXVDpKq1ZzI1IgzbR6lv312Z3tGk:CF1ByymWPC1VL6VuL2JVDIuuR6J312Z

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.alfainterplast.com.ua
Port:
587
Username:
[email protected]
Password:
pay2024password$$
Email To:
[email protected]

Targets

- Target
  
  Unicredit_OutwardRemittance_copy__PDF.scr
- Size
  
  784KB
- MD5
  
  9810741e60031ea0438f997539d4bb95
- SHA1
  
  a4bd51175629f2ae92917133ff1f92d0ff02df6d
- SHA256
  
  7ed15e981155508352b3b0a00914c2809b28e80fb6ebab81020fdac6ceff05c9
- SHA512
  
  15a2aafb1e076267310a79459916ed037797264961faef0dda5e30cc575dba43f14a592c90ab436ab173976fb9c91901e9c9bdfc574bddab26f825d70585d368
- SSDEEP
  
  12288:ShF2iNG8txwymWPYGk1N7HllNsVuLBPbU6gXVDpKq1ZzI1IgzbR6lv312Z3tGkR:MF1ByymWPC1VL6VuL2JVDIuuR6J312ZH
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan