agenttesla | 230cdd39e3e80f708c62b9742f83bca9345b0c49732b067633b8409e248bde0a | Triage

Sharing

General

Target

230cdd39e3e80f708c62b9742f83bca9345b0c49732b067633b8409e248bde0a
Size

1.0MB
Sample

240523-bgs7eagb23
MD5

0bfde25a39f983c58a94d6ad2d95181e
SHA1

020285c7a771bb2f5e81badf92b558ae97932348
SHA256

230cdd39e3e80f708c62b9742f83bca9345b0c49732b067633b8409e248bde0a
SHA512

a864bdbfcdb55f6f574ca37a7d57a43ce382044dffc5eca7f1e87f79a97776f4fb9e9b984a4ad001ca4aa1fb851f45531fb22d2a0b62f4fb157a42bbe6152bc0
SSDEEP

24576:a/rEUhxLdtH9iIFaqo8kVG8QBi2oMnWldVvyKy:azvdcIFaG8//MUyf

Score

10^/10

agenttesla evasion execution keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
alibabawork@123

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
alibabawork@123
Email To:
[email protected]

Targets

- Target
  
  230cdd39e3e80f708c62b9742f83bca9345b0c49732b067633b8409e248bde0a
- Size
  
  1.0MB
- MD5
  
  0bfde25a39f983c58a94d6ad2d95181e
- SHA1
  
  020285c7a771bb2f5e81badf92b558ae97932348
- SHA256
  
  230cdd39e3e80f708c62b9742f83bca9345b0c49732b067633b8409e248bde0a
- SHA512
  
  a864bdbfcdb55f6f574ca37a7d57a43ce382044dffc5eca7f1e87f79a97776f4fb9e9b984a4ad001ca4aa1fb851f45531fb22d2a0b62f4fb157a42bbe6152bc0
- SSDEEP
  
  24576:a/rEUhxLdtH9iIFaqo8kVG8QBi2oMnWldVvyKy:azvdcIFaG8//MUyf
Score

10^/10

execution agenttesla evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslaevasionexecutionkeyloggerpersistencespywarestealertrojan