agenttesla | b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531 | Triage

Sharing

General

Target

b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531
Size

1.0MB
Sample

240523-ct33taad6t
MD5

f27ad4ab520013e2f76d51af512b5b31
SHA1

c9cbd71c2d3cd1ee4581babae82db446f82e7e42
SHA256

b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531
SHA512

736cfb8351dda3bfa7ea25194960fb66d48439ea46e96022ff8f048efaa7185000222f01fb5b7fc6003c603de37e94db09b390f1f339cb3d09fa81b9cc04b4c2
SSDEEP

24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaT16Y9lbuyK6j5:Wh+ZkldoPK8Ya5Pb1v

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.finolexpipes.com
Port:
587
Username:
[email protected]
Password:
Finolex@678
Email To:
[email protected]

Targets

- Target
  
  b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531
- Size
  
  1.0MB
- MD5
  
  f27ad4ab520013e2f76d51af512b5b31
- SHA1
  
  c9cbd71c2d3cd1ee4581babae82db446f82e7e42
- SHA256
  
  b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531
- SHA512
  
  736cfb8351dda3bfa7ea25194960fb66d48439ea46e96022ff8f048efaa7185000222f01fb5b7fc6003c603de37e94db09b390f1f339cb3d09fa81b9cc04b4c2
- SSDEEP
  
  24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaT16Y9lbuyK6j5:Wh+ZkldoPK8Ya5Pb1v
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2