agenttesla | eaf20ad854f80807bd949445ba8369551978aad0350e5177568383f493703e88 | Triage

Sharing

General

Target

eaf20ad854f80807bd949445ba8369551978aad0350e5177568383f493703e88
Size

1.0MB
Sample

240522-by8nesgb46
MD5

4d8f166bcb90b156bd3c655d592f4ba2
SHA1

63db250b7d414c20ac0b926eba2de97e14188c6e
SHA256

eaf20ad854f80807bd949445ba8369551978aad0350e5177568383f493703e88
SHA512

ea31ae746c27c3afd1953667607855cce7ff9afdd5a47c3405b6374049248742773e0f6ff9e0652e524c515881d7ff8f40d8e894f8f68cfa603caedfa8e819e4
SSDEEP

24576:fAHnh+eWsN3skA4RV1Hom2KXMmHak1kJRCF6N5:Ch+ZkldoPK8Yauk6G

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.shreeearthing.com
Port:
587
Username:
[email protected]
Password:
nikita1997

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.shreeearthing.com
Port:
587
Username:
[email protected]
Password:
nikita1997
Email To:
[email protected]

Targets

- Target
  
  eaf20ad854f80807bd949445ba8369551978aad0350e5177568383f493703e88
- Size
  
  1.0MB
- MD5
  
  4d8f166bcb90b156bd3c655d592f4ba2
- SHA1
  
  63db250b7d414c20ac0b926eba2de97e14188c6e
- SHA256
  
  eaf20ad854f80807bd949445ba8369551978aad0350e5177568383f493703e88
- SHA512
  
  ea31ae746c27c3afd1953667607855cce7ff9afdd5a47c3405b6374049248742773e0f6ff9e0652e524c515881d7ff8f40d8e894f8f68cfa603caedfa8e819e4
- SSDEEP
  
  24576:fAHnh+eWsN3skA4RV1Hom2KXMmHak1kJRCF6N5:Ch+ZkldoPK8Yauk6G
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan