agenttesla | 27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4 | Triage

Sharing

General

Target

27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4
Size

1.0MB
Sample

240614-cpa68svhll
MD5

1acfec96b14bc4dbb43836118f89e5b9
SHA1

474f6af6000edf450fcffd699e3cffaa703763fc
SHA256

27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4
SHA512

dc4370ccb1ee5a72f3cbb5c0f79250fd49c816f5523a75652083c293e127dc4b01c54bb117a5bac240bad27f81449e974521ec269e1658276f3275d3a07b10db
SSDEEP

24576:hAHnh+eWsN3skA4RV1Hom2KXMmHaOVKh1sIlTS5:4h+ZkldoPK8YaOVoSIu

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
s30.securelayernetwork.com
Port:
587
Username:
[email protected]
Password:
%lmb-a,[(1ty
Email To:
[email protected]

Targets

- Target
  
  27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4
- Size
  
  1.0MB
- MD5
  
  1acfec96b14bc4dbb43836118f89e5b9
- SHA1
  
  474f6af6000edf450fcffd699e3cffaa703763fc
- SHA256
  
  27ee6c85285e103c108fe9e2168874003370df71222a3a13f5d0d87f5772e0c4
- SHA512
  
  dc4370ccb1ee5a72f3cbb5c0f79250fd49c816f5523a75652083c293e127dc4b01c54bb117a5bac240bad27f81449e974521ec269e1658276f3275d3a07b10db
- SSDEEP
  
  24576:hAHnh+eWsN3skA4RV1Hom2KXMmHaOVKh1sIlTS5:4h+ZkldoPK8YaOVoSIu
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan