agenttesla | b5af2d6788f5ef6b154c5dcd3d07aad8c26486cdffae3bd34cf4e2df8858729e | Triage

Sharing

General

Target

b5af2d6788f5ef6b154c5dcd3d07aad8c26486cdffae3bd34cf4e2df8858729e
Size

1013KB
Sample

240523-cpfrqaad43
MD5

b00df52d56ff58117a6cd2964a3aecf8
SHA1

c14f63fe1289dc7e3f23e8f8aa207f52760a9ef9
SHA256

b5af2d6788f5ef6b154c5dcd3d07aad8c26486cdffae3bd34cf4e2df8858729e
SHA512

f0e3962a8246bb85380d691ffe79681a8f301b4a9a07e1b7cf5bed34c232fddd3c412ec206d5708827dfc79a2a3a245097f608f576a4d219ae94ac5bf2740cf6
SSDEEP

24576:RAHnh+eWsN3skA4RV1Hom2KXMmHaGhJch+bEvO0/zs5:oh+ZkldoPK8YaG3Q+bEvOz

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
s30.securelayernetwork.com
Port:
587
Username:
[email protected]
Password:
%lmb-a,[(1ty
Email To:
[email protected]

Targets

- Target
  
  b5af2d6788f5ef6b154c5dcd3d07aad8c26486cdffae3bd34cf4e2df8858729e
- Size
  
  1013KB
- MD5
  
  b00df52d56ff58117a6cd2964a3aecf8
- SHA1
  
  c14f63fe1289dc7e3f23e8f8aa207f52760a9ef9
- SHA256
  
  b5af2d6788f5ef6b154c5dcd3d07aad8c26486cdffae3bd34cf4e2df8858729e
- SHA512
  
  f0e3962a8246bb85380d691ffe79681a8f301b4a9a07e1b7cf5bed34c232fddd3c412ec206d5708827dfc79a2a3a245097f608f576a4d219ae94ac5bf2740cf6
- SSDEEP
  
  24576:RAHnh+eWsN3skA4RV1Hom2KXMmHaGhJch+bEvO0/zs5:oh+ZkldoPK8YaG3Q+bEvOz
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan