agenttesla | 1b3cc609a72d6119ca96e1eeef9a4473d4351a3efce09ea7b371764e4ece94d0 | Triage

Sharing

General

Target

1b3cc609a72d6119ca96e1eeef9a4473d4351a3efce09ea7b371764e4ece94d0
Size

3.5MB
Sample

240430-ccvecahe9s
MD5

c06528f70d7274fa1933d24afe4ee3c2
SHA1

7625a90bd6eaf7fb063945cc240920a988dcdb47
SHA256

1b3cc609a72d6119ca96e1eeef9a4473d4351a3efce09ea7b371764e4ece94d0
SHA512

f1936ef54a9c18af2a65aa4bd6431ec8e438a66f650174623d364133bfd040d3193f78eac04a0384cc7dc409b791b63e76c84057ebbbe58e5cba296692402b5b
SSDEEP

49152:/p98Mq2HVhxqz1fSVnikPPelaXC9mycMOPe5udCYPcNGx2/Ce1TDMDB+bbDfltun:/R1hVikXeEbSuYee1TQB+bnltU

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ar-lupum.com
Port:
587
Username:
[email protected]
Password:
UvRjG%@@7
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
smtp.ar-lupum.com
Port:
587
Username:
[email protected]
Password:
UvRjG%@@7

Targets

- Target
  
  1b3cc609a72d6119ca96e1eeef9a4473d4351a3efce09ea7b371764e4ece94d0
- Size
  
  3.5MB
- MD5
  
  c06528f70d7274fa1933d24afe4ee3c2
- SHA1
  
  7625a90bd6eaf7fb063945cc240920a988dcdb47
- SHA256
  
  1b3cc609a72d6119ca96e1eeef9a4473d4351a3efce09ea7b371764e4ece94d0
- SHA512
  
  f1936ef54a9c18af2a65aa4bd6431ec8e438a66f650174623d364133bfd040d3193f78eac04a0384cc7dc409b791b63e76c84057ebbbe58e5cba296692402b5b
- SSDEEP
  
  49152:/p98Mq2HVhxqz1fSVnikPPelaXC9mycMOPe5udCYPcNGx2/Ce1TDMDB+bbDfltun:/R1hVikXeEbSuYee1TQB+bnltU
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan