agenttesla | 35e6f97e7b41e640887cd183f0dd4d836e05e42000871be773f2d9468f387e5e | Triage

Sharing

General

Target

Ödeme_2024_06_12s᠎x᠎l᠎x᠎..exe
Size

3.4MB
Sample

240613-l8j3xsybnk
MD5

cc3f854f2997663096d88222cc601dea
SHA1

78f6ae662e7a88d63142c4c1627edfc848497ec0
SHA256

35e6f97e7b41e640887cd183f0dd4d836e05e42000871be773f2d9468f387e5e
SHA512

c06ed15281e168a36304b6b19d189bd62b00367446d456866b00f285e15ae4c136a48d329436c928fb3feabddb545a53aad0537ac4858aee25bd04ca3b2d519a
SSDEEP

12288:1Js3+SBcMHZvk2YwKANlsQRjj/8cCmKOP/A3sYAcIn2KfOTE:1y3TeukXQVj/lCmKOXXYQ9mTE

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.oserfech.eu
Port:
587
Username:
[email protected]
Password:
Epicoffice@2024

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.oserfech.eu
Port:
587
Username:
[email protected]
Password:
Epicoffice@2024
Email To:
[email protected]

Targets

- Target
  
  Ödeme_2024_06_12s᠎x᠎l᠎x᠎..exe
- Size
  
  3.4MB
- MD5
  
  cc3f854f2997663096d88222cc601dea
- SHA1
  
  78f6ae662e7a88d63142c4c1627edfc848497ec0
- SHA256
  
  35e6f97e7b41e640887cd183f0dd4d836e05e42000871be773f2d9468f387e5e
- SHA512
  
  c06ed15281e168a36304b6b19d189bd62b00367446d456866b00f285e15ae4c136a48d329436c928fb3feabddb545a53aad0537ac4858aee25bd04ca3b2d519a
- SSDEEP
  
  12288:1Js3+SBcMHZvk2YwKANlsQRjj/8cCmKOP/A3sYAcIn2KfOTE:1y3TeukXQVj/lCmKOXXYQ9mTE
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan