agenttesla | 7f007341834ce7397c65046af35d6b9c54e36627308e0caef0ca61183a973480 | Triage

Sharing

General

Target

Ref227395588 Fw Notice for shipment with DHL - HWB 2592541501.msg
Size

612KB
Sample

240430-ag7jcseh91
MD5

7d1f4f679b1ae4aa5730ed01ce9f76ac
SHA1

9e35dbf0535f30bc6a347e89e7e02e954a165607
SHA256

7f007341834ce7397c65046af35d6b9c54e36627308e0caef0ca61183a973480
SHA512

15024f1fb17f9ee1909dde663f321bfa963f28d2e396e837c92efa0ad99df65973ff7d7d501f7e033430115bbb8e13d2b673cedd5711824c17bbccab429688b7
SSDEEP

6144:IbK/6/4VhjZ6ySmRH93qXyS8KevIl/8/vpwO4XMGdKf4xU0PrH7KjnvQWTk85Kqm:EXySuRbpGv64vPrHmnkb+NHYqXZ4fa

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
28#75@ts76#V1F8h
Email To:
[email protected]

Targets

- Target
  
  Arrival Notice_CIA_AWB_INV_Form_pdf.IMG
- Size
  
  562KB
- MD5
  
  0f3c6f0d2eccbcdc76e847ea0f62f15e
- SHA1
  
  4baf2036c231dc9a0fba13e6d7d551b27b5b4194
- SHA256
  
  49a656f7ee544b5f21726a0f0f5469bd7a15aaa4615b53c4b0dac92b4aea308b
- SHA512
  
  a3efe41ce4ae7bd4689fe41c6e1cdb41f8cb4227eae4695a961c00d3305562d59e5bc25f4221c230052a478a505ed6118f95bb09468ffc3dd282be3e849aa1f5
- SSDEEP
  
  6144:2Z6ySmRH93qXyS8KevIl/8/vpwO4XMGdKf4xU0PrH7KjnvQWTk85KqZIMHYJqE4E:ZySuRbpGv64vPrHmnkb+NHYqXZ4fa
Score

3^/10
behavioral1 behavioral2
- Target
  
  Ref227395588_pdf.scr
- Size
  
  505KB
- MD5
  
  88db09b12a478cac87ed465252c6c8f7
- SHA1
  
  0e3acd2b568bd58fcfd2e914eff2c982deb55258
- SHA256
  
  0f0b721073a35fe3e6b37d75582704acd5bdc1b3d71343e74d6fec59ac932deb
- SHA512
  
  7d228d662e3271920094e345d36597c2e6c880d12fc3cef8c3f1206711a0b49f93d2275b5527d8ce88c1e3772d0b011161d1bd16688cb9db28471a75b949ab67
- SSDEEP
  
  6144:+Z6ySmRH93qXyS8KevIl/8/vpwO4XMGdKf4xU0PrH7KjnvQWTk85KqZIMHYJqE4E:RySuRbpGv64vPrHmnkb+NHYqXZ4fa
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslakeyloggerspywarestealertrojan

behavioral4

agentteslakeyloggerspywarestealertrojan