agenttesla | f9d02ee4f121030e2fce71fd90cc8af17191fa891f3d2910d1a2eb42a774df00 | Triage

Sharing

General

Target

f9d02ee4f121030e2fce71fd90cc8af17191fa891f3d2910d1a2eb42a774df00
Size

595KB
Sample

240430-b9xejahd9z
MD5

47631f28b02f68c73700c903b5ab6f9b
SHA1

ce75a87a00421a800886d626dcada5e50fe134a4
SHA256

f9d02ee4f121030e2fce71fd90cc8af17191fa891f3d2910d1a2eb42a774df00
SHA512

c2a8913ad42a4d4842f69055a9af55235e98027eee727829647888bd166ac3df10970ee4eb955522d4774f871f794f2bfc6f4f4a24d7c5fddd5e0376ef53111b
SSDEEP

12288:BmR9+JYLMzLZ4n7NxbUYnVZ15Su3Bv6kAJY8ql7Dl6nIKicnR:BiROgNCYpJ3BvqxiDMIcnR

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.laboratoriosvilla.com.mx
Port:
587
Username:
[email protected]
Password:
WZ,2pliw#L)D
Email To:
[email protected]

Targets

- Target
  
  DHL AWB COMERCIAL INVOICE AND TRACKING DETAILS.exe
- Size
  
  1018KB
- MD5
  
  040e8bb1342fc8dfe5c0e6e75a42add8
- SHA1
  
  5de65513a160964c8c899d183c81df58165a0430
- SHA256
  
  cbf47edce01777d05a17e93ee52242f4912c8eb1c02f0622ecf5c0f07d27f3d6
- SHA512
  
  7aab4172f8a3fc7e8f2302d4d6d07037abd87e19591c3e40426bd5c4fbc61713fabd4bd769c98241940c6de79b62c44673ed20e59b2cc30e2575329dd4f1751f
- SSDEEP
  
  24576:QAHnh+eWsN3skA4RV1Hom2KXMmHalQ2KycCX5:Hh+ZkldoPK8YalQ9Q
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan