agenttesla | 8fde3c87cf614268baaec51b891ff16f4686940cdc3c9a1dcb7c5425686f197c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

resumo_carregamento_20231130.zip.rar
Size

613KB
Sample

240501-pspj9aeh6v
MD5

01f8d83417cf7fd4317623e1c35b3e69
SHA1

baf6885e8a9d8a89569d88041549b7030e92603f
SHA256

8fde3c87cf614268baaec51b891ff16f4686940cdc3c9a1dcb7c5425686f197c
SHA512

7f9e134ee8d2eabce89254f63b4a3ebc2fe5c6bcc5d97a81a5a315a0e5b48e16ee3c46d73c6962ab2b82fa31c8c5dd0a85a6f22c077d8673923025891ac3a69b
SSDEEP

12288:3uwtU2xyMiRsFiCf427SVYQqMRaZsivxwx5rZTYtDe7HPz5cjwyaHT1B:DtPibCi1x6sisthmaL5t/HT/

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jmfresh.sg
Port:
587
Username:
[email protected]
Password:
[email protected]
Email To:
[email protected]

Targets

- Target
  
  resumo_carregamento_20231130.zip.exe
- Size
  
  1.2MB
- MD5
  
  b5b8cea582b2914e24205de97d7f98d0
- SHA1
  
  ec4beee2ad3b1f7d888caf9c0be349b707b3dbe3
- SHA256
  
  8691f5a28e8ab5c9b0bb612a9475f2720bf0b76e61a02f2342d9b8b0793c6aee
- SHA512
  
  5f5b27b46c46a6aefc16e01d893a19953a0892b42e6353d6856cf3d7af160a1123141fde6b690dbe457702488b066575605a4dfa9b27f86b1cf8d01b2de3537d
- SSDEEP
  
  24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8ap1IEdkxL0UeNi2fPs:mTvC/MTQYxsWR7aoE8Ln32fP
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2