agenttesla | 9cf7ed4acdb3da0aab6ff6861be5da761d6bfccecd100bfe3e945592b5be19b0 | Triage

Sharing

General

Target

9cf7ed4acdb3da0aab6ff6861be5da761d6bfccecd100bfe3e945592b5be19b0
Size

844KB
Sample

240425-cnvt9adf8y
MD5

249f51a149152e90ecdcbeceb40f0114
SHA1

0a4578ecb4aec6ec87ae5de3ca46e0ac5d7f60e4
SHA256

9cf7ed4acdb3da0aab6ff6861be5da761d6bfccecd100bfe3e945592b5be19b0
SHA512

573205806e92a53ab21960ad85409a9fa45ddb49d28a47dda10b391aae88f568e190ed188f6c68be9a39b01923ff9484391bf87fa004ed4fe38a047d2aef6715
SSDEEP

12288:ZGIwGs0SpmBwGXjdX32ogZ+g/yHkZeQzrjKEddyDZNdgc+WU:oXGs0SpmB3XZnMZ4yz/dwDDdg

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cphost09.qhoster.net
Port:
587
Username:
[email protected]
Password:
[email protected]
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
cphost09.qhoster.net
Port:
587
Username:
[email protected]
Password:
[email protected]

Targets

- Target
  
  9cf7ed4acdb3da0aab6ff6861be5da761d6bfccecd100bfe3e945592b5be19b0
- Size
  
  844KB
- MD5
  
  249f51a149152e90ecdcbeceb40f0114
- SHA1
  
  0a4578ecb4aec6ec87ae5de3ca46e0ac5d7f60e4
- SHA256
  
  9cf7ed4acdb3da0aab6ff6861be5da761d6bfccecd100bfe3e945592b5be19b0
- SHA512
  
  573205806e92a53ab21960ad85409a9fa45ddb49d28a47dda10b391aae88f568e190ed188f6c68be9a39b01923ff9484391bf87fa004ed4fe38a047d2aef6715
- SSDEEP
  
  12288:ZGIwGs0SpmBwGXjdX32ogZ+g/yHkZeQzrjKEddyDZNdgc+WU:oXGs0SpmB3XZnMZ4yz/dwDDdg
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan