agenttesla | e7a0a68cef5b51c79554cde3cd8b80593c086f9fd52b3500808ed8d43be22237 | Triage

Sharing

General

Target

e7a0a68cef5b51c79554cde3cd8b80593c086f9fd52b3500808ed8d43be22237
Size

1.1MB
Sample

240523-brscvsgf22
MD5

ef7a910bcb8ee4ef5868f776b7e94242
SHA1

3d67a944feaecd4ffaf726e2739ad43e2a59c50f
SHA256

e7a0a68cef5b51c79554cde3cd8b80593c086f9fd52b3500808ed8d43be22237
SHA512

d9b818ea8e9473a4ea000240eb0c4fdbbe8d291579cb738eac488bb695f2ba8eaf203cd1c3e26a0a2a83c25bf74c75cd044d615b4d62fac83fb6778729b6cc0c
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8ap0c91zYes2j:2TvC/MTQYxsWR7ap0c91x7

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cash4cars.nz
Port:
587
Username:
[email protected]
Password:
logs2024!
Email To:
[email protected]

Targets

- Target
  
  e7a0a68cef5b51c79554cde3cd8b80593c086f9fd52b3500808ed8d43be22237
- Size
  
  1.1MB
- MD5
  
  ef7a910bcb8ee4ef5868f776b7e94242
- SHA1
  
  3d67a944feaecd4ffaf726e2739ad43e2a59c50f
- SHA256
  
  e7a0a68cef5b51c79554cde3cd8b80593c086f9fd52b3500808ed8d43be22237
- SHA512
  
  d9b818ea8e9473a4ea000240eb0c4fdbbe8d291579cb738eac488bb695f2ba8eaf203cd1c3e26a0a2a83c25bf74c75cd044d615b4d62fac83fb6778729b6cc0c
- SSDEEP
  
  24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8ap0c91zYes2j:2TvC/MTQYxsWR7ap0c91x7
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan