agenttesla

General

Target

5302c416b0abd845fe3145f910e82440588c11219940fe89fd68722260a9b508.exe
Size

2.5MB
Sample

240523-bwwabagh32
MD5

f55d77a9d704af55b0797de1435706e3
SHA1

93010de39c5e434291a439b65f6eb381b741edf3
SHA256

5302c416b0abd845fe3145f910e82440588c11219940fe89fd68722260a9b508
SHA512

0ad087c8a2290f890cb58535958566cf6a814415c58f20742d3074d27cd0e4e31f5f3d3a0a4945ec675c84ad99f9894c184ff69fcb702d19443a83729b19bddb
SSDEEP

49152:VP6hSrcCPT0J6Lg31+mYGnKDVTXShVr7oL:2ujRmYGnKDVTOr

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
BTwcMq@2
Email To:
[email protected]

Targets

- Target
  
  5302c416b0abd845fe3145f910e82440588c11219940fe89fd68722260a9b508.exe
- Size
  
  2.5MB
- MD5
  
  f55d77a9d704af55b0797de1435706e3
- SHA1
  
  93010de39c5e434291a439b65f6eb381b741edf3
- SHA256
  
  5302c416b0abd845fe3145f910e82440588c11219940fe89fd68722260a9b508
- SHA512
  
  0ad087c8a2290f890cb58535958566cf6a814415c58f20742d3074d27cd0e4e31f5f3d3a0a4945ec675c84ad99f9894c184ff69fcb702d19443a83729b19bddb
- SSDEEP
  
  49152:VP6hSrcCPT0J6Lg31+mYGnKDVTXShVr7oL:2ujRmYGnKDVTOr
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect packed .NET executables. Mostly AgentTeslaV4.

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables referencing Windows vault credential objects. Observed in infostealers

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

Detects executables referencing many email and collaboration clients. Observed in information stealers

Detects executables referencing many file transfer clients. Observed in information stealers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2