agenttesla | 593cc6c6fee6b9fb6ae1e0594fbb64f76b8e18b532a25df6284300061cda47c7 | Triage

Sharing

General

Target

DF PYR Y89036483.vbs
Size

23KB
Sample

240611-xpr5zaxfkg
MD5

07797f5857c697c8a1a12489e8bf76ea
SHA1

9603afb90564671147e80dee0dbca0969f047dae
SHA256

593cc6c6fee6b9fb6ae1e0594fbb64f76b8e18b532a25df6284300061cda47c7
SHA512

6452353c9cd104e8ca728764b9a6b1079c65fcd5a7df7b2aeebd2731f173201028b18e4b3f30bf9842d733be62ae91c94d50cdb2bdaf07c9ba525694f47350f3
SSDEEP

384:HkcoLqaePo/os7uoLUv5jvF8rOe/eqogMQ2JwD4odFWgVsHTqnRd0vOBc:HkcoLmPyuEUBtTd5wnWgyH2IJ

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
0TFiRgPxmCJcdSB
Email To:
[email protected]

Targets

- Target
  
  DF PYR Y89036483.vbs
- Size
  
  23KB
- MD5
  
  07797f5857c697c8a1a12489e8bf76ea
- SHA1
  
  9603afb90564671147e80dee0dbca0969f047dae
- SHA256
  
  593cc6c6fee6b9fb6ae1e0594fbb64f76b8e18b532a25df6284300061cda47c7
- SHA512
  
  6452353c9cd104e8ca728764b9a6b1079c65fcd5a7df7b2aeebd2731f173201028b18e4b3f30bf9842d733be62ae91c94d50cdb2bdaf07c9ba525694f47350f3
- SSDEEP
  
  384:HkcoLqaePo/os7uoLUv5jvF8rOe/eqogMQ2JwD4odFWgVsHTqnRd0vOBc:HkcoLmPyuEUBtTd5wnWgyH2IJ
Score

10^/10

execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan