agenttesla | 1fe7b20f84d8dfc65736de6e2b4c9d2f9c4c72b8f695d4dc10f356112140186d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1fe7b20f84d8dfc65736de6e2b4c9d2f9c4c72b8f695d4dc10f356112140186d
Size

639KB
Sample

240611-brc8yaycqg
MD5

f0fb131fd0509afcf73ababbe050269e
SHA1

807c11a8596f0a3ca979ba6472f02f39bbb70093
SHA256

1fe7b20f84d8dfc65736de6e2b4c9d2f9c4c72b8f695d4dc10f356112140186d
SHA512

565174bc909089b05ac9de5d7f31f714148d505e97d643a1b3fb714920b945cb78af264295c46e6bfceccb6e29b0db59964052e6f91c7fdf81f2288af8e72704
SSDEEP

12288:021y5STkepAMtqnl3LscRDVXFymBDbUFHnX/7A7sIPcE7jzZ9TgCGYlt8yV6zW:HM5SHAMwl3Ls0DhQmDbU+cE7R9c0rGzW

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.zoho.eu
Port:
587
Username:
[email protected]
Password:
office12#

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.zoho.eu
Port:
587
Username:
[email protected]
Password:
office12#
Email To:
[email protected]

Targets

- Target
  
  Orden#46789_2024_Optoflux_mexico_sderls.exe
- Size
  
  906KB
- MD5
  
  9b79cf9008f569169eba09528bf1730c
- SHA1
  
  7fdcc0ff2d1a8100acbe2e4e0372734bb4396bc1
- SHA256
  
  ada26de90884fdf8d203297f5f5d2db98c411cebc7a8d36114f0b1ee2b413431
- SHA512
  
  2233ab1fe358915ad2c7dd3cdc406141cd52ece73e5c05b51cac3530dc9d7b59a7ed729831f66c18200eb9e0a672987749311d641ff5a1b31e84d797fa155af0
- SSDEEP
  
  24576:nMm5SH6MIl3LkGDhsmD/U0haY/s9fXC7v:nMm5Lnl7kSUXYofXCj
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2