agenttesla | eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe | Triage

Sharing

General

Target

eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
Size

808KB
Sample

240426-bhafpagf61
MD5

a75cc815e64123afba58a49301f3885a
SHA1

ce31385cfa86ebbbbc99bf105d18726e0fd9d343
SHA256

eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
SHA512

7bb940fe7413a31d77aa3ceae5b56fc08e4c61195acfed3a66c9ee6ce89cdc692e41353de8897e9abfdc5d3010578cc08079f50789a3e7fc1503b056741a3a6a
SSDEEP

12288:lOt8I5G8cPtP8sdE0rm1OkKCJLc/Y9ysnqY0FsAZeQzrjKEddyDZhdgc+WMe4:4L8P8sVrKOkrggWFsmz/dwD/dgn

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cphost09.qhoster.net
Port:
587
Username:
[email protected]
Password:
[email protected]
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
cphost09.qhoster.net
Port:
587
Username:
[email protected]
Password:
[email protected]

Targets

- Target
  
  eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
- Size
  
  808KB
- MD5
  
  a75cc815e64123afba58a49301f3885a
- SHA1
  
  ce31385cfa86ebbbbc99bf105d18726e0fd9d343
- SHA256
  
  eae62c4f0470d40916f7ba0eace67d1b5e8f1d62a599954a2b273abcecb240fe
- SHA512
  
  7bb940fe7413a31d77aa3ceae5b56fc08e4c61195acfed3a66c9ee6ce89cdc692e41353de8897e9abfdc5d3010578cc08079f50789a3e7fc1503b056741a3a6a
- SSDEEP
  
  12288:lOt8I5G8cPtP8sdE0rm1OkKCJLc/Y9ysnqY0FsAZeQzrjKEddyDZhdgc+WMe4:4L8P8sVrKOkrggWFsmz/dwD/dgn
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan