agenttesla | d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c | Triage

Sharing

General

Target

d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c
Size

636KB
Sample

240426-beqcqsgf82
MD5

b9df3bc72171550875457bca5b4f9042
SHA1

1517de29c1c62ecb854c9ae82028a439d6f737cd
SHA256

d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c
SHA512

85c89a984c3ad8d42dc9b4e66cb0495d24fd2fa7d935e2daa019f1af34ebe0ef2562be5fc06a61ed59a78913bdb5d5acbc9c3dcaf62e5b22699b60eac8a06282
SSDEEP

12288:6sRelh9xGjhzYIzn4IOpmKsLesMcNr0dniYgd4tllBEjjEMimCi3:6UyU5YIz4IQ6esMcN2nFI6VEjj5iRC

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.lilydesign.com.tr
Port:
587
Username:
[email protected]
Password:
1207HAmza*

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.lilydesign.com.tr
Port:
587
Username:
[email protected]
Password:
1207HAmza*
Email To:
[email protected]

Targets

- Target
  
  d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c
- Size
  
  636KB
- MD5
  
  b9df3bc72171550875457bca5b4f9042
- SHA1
  
  1517de29c1c62ecb854c9ae82028a439d6f737cd
- SHA256
  
  d4b0d250879757b13113d03ca5ab449771e5f4a31ab082dba16d124498a98e5c
- SHA512
  
  85c89a984c3ad8d42dc9b4e66cb0495d24fd2fa7d935e2daa019f1af34ebe0ef2562be5fc06a61ed59a78913bdb5d5acbc9c3dcaf62e5b22699b60eac8a06282
- SSDEEP
  
  12288:6sRelh9xGjhzYIzn4IOpmKsLesMcNr0dniYgd4tllBEjjEMimCi3:6UyU5YIz4IQ6esMcN2nFI6VEjj5iRC
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan