agenttesla | 7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334 | Triage

Sharing

General

Target

7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
Size

1014KB
Sample

240425-cnsd5add98
MD5

3ef7b313327f8135085cc2576fd6ae48
SHA1

4d36acaabc5285e4c4d8b168a24780cad5101022
SHA256

7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
SHA512

675ebf1f9b4fcb938ccf31b04b33b57c2c0a041d7b31792226366ec654ecf59dd475116a37204ce8b9f1b474d7603fd7e4e0bd135bddcfcc83a19c676a416ab6
SSDEEP

24576:LAHnh+eWsN3skA4RV1Hom2KXcmtcBhqovxJZbZppD5:mh+ZkldoPKsacBQo7ZbZ5

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.soosmaquinaria.com
Port:
587
Username:
[email protected]
Password:
GHjfDse3.
Email To:
[email protected]

Targets

- Target
  
  7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
- Size
  
  1014KB
- MD5
  
  3ef7b313327f8135085cc2576fd6ae48
- SHA1
  
  4d36acaabc5285e4c4d8b168a24780cad5101022
- SHA256
  
  7a780f84c6ea95f95b98d687ff1b7e4429c959b45d662d9a3622335cfc28f334
- SHA512
  
  675ebf1f9b4fcb938ccf31b04b33b57c2c0a041d7b31792226366ec654ecf59dd475116a37204ce8b9f1b474d7603fd7e4e0bd135bddcfcc83a19c676a416ab6
- SSDEEP
  
  24576:LAHnh+eWsN3skA4RV1Hom2KXcmtcBhqovxJZbZppD5:mh+ZkldoPKsacBQo7ZbZ5
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan