agenttesla | 994ce74a48cf21a5b4a7eaa52b40b59894bc0dd5e52a67ced55e30326a221fcc | Triage

Sharing

General

Target

QUOTATION_MAYQTRA031244úPDF.scr.exe
Size

89KB
Sample

240523-wzxb1abf93
MD5

9ebb786dcb292410bd1f41f46a372418
SHA1

3a76d6602deae634b43af1b44718f5febc1cc8a6
SHA256

994ce74a48cf21a5b4a7eaa52b40b59894bc0dd5e52a67ced55e30326a221fcc
SHA512

ae350f1acf216745475c554be5fb0de35887142e4756297ffd366e9e752686c91a604eb31f93a6ff62b8511121bcfb675807a9dc6eb513be0cb87c441af2be77
SSDEEP

1536:zeK5X2n/V7tLJnkbVem85E8vqmyweZ67VMvI6IGVft6jNrwb:zXshxL5Pywp7VMg6RF0Nrwb

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
RaFv@tsTUK55@@<<!!
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_MAYQTRA031244úPDF.scr.exe
- Size
  
  89KB
- MD5
  
  9ebb786dcb292410bd1f41f46a372418
- SHA1
  
  3a76d6602deae634b43af1b44718f5febc1cc8a6
- SHA256
  
  994ce74a48cf21a5b4a7eaa52b40b59894bc0dd5e52a67ced55e30326a221fcc
- SHA512
  
  ae350f1acf216745475c554be5fb0de35887142e4756297ffd366e9e752686c91a604eb31f93a6ff62b8511121bcfb675807a9dc6eb513be0cb87c441af2be77
- SSDEEP
  
  1536:zeK5X2n/V7tLJnkbVem85E8vqmyweZ67VMvI6IGVft6jNrwb:zXshxL5Pywp7VMg6RF0Nrwb
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan