agenttesla | efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45 | Triage

Sharing

General

Target

efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
Size

3.4MB
Sample

240430-bnzmrsga79
MD5

aa327362489d44e657683cc122652642
SHA1

d44d61a3523adad20ea4b041e601cc143c449a21
SHA256

efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
SHA512

d650309a0db98ccd7a9de70c649a5cf1629b414d8eb04816d859e41f48060f95ea8e0171544f0da72bc39f2518a61439d0af83f410a79ef1dea19bb5382b732e
SSDEEP

49152:kp98Mq2HVhX6OT1RbNE7nj49RDDJftCdQYNvA6X72/jto2vo0A6EJ:kR1hdaGRD+dQYJAXO2vo0A68

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.italiacanda-it.com
Port:
587
Username:
[email protected]
Password:
dsrociz1
Email To:
[email protected]

Targets

- Target
  
  efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
- Size
  
  3.4MB
- MD5
  
  aa327362489d44e657683cc122652642
- SHA1
  
  d44d61a3523adad20ea4b041e601cc143c449a21
- SHA256
  
  efaee864a72d63e16f51109ad25d5fb62e30537ae7b874a12e085b6e118c5b45
- SHA512
  
  d650309a0db98ccd7a9de70c649a5cf1629b414d8eb04816d859e41f48060f95ea8e0171544f0da72bc39f2518a61439d0af83f410a79ef1dea19bb5382b732e
- SSDEEP
  
  49152:kp98Mq2HVhX6OT1RbNE7nj49RDDJftCdQYNvA6X72/jto2vo0A6EJ:kR1hdaGRD+dQYJAXO2vo0A68
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan