agenttesla | 0d49863fcf5e744d33391231182706529b25f3043cef1ec6b187255cfd6cfccf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Después de 4515457428.exe
Size

1.1MB
Sample

240614-hd3d8ssejq
MD5

d1c94003a566f463d0aaa30af416667d
SHA1

ab5238ffc8f7ea4331fa44ebbdb6691c2cb0bf06
SHA256

0d49863fcf5e744d33391231182706529b25f3043cef1ec6b187255cfd6cfccf
SHA512

167442392ede7057e662a5d19311e68712635da6c4a016491dde8eddf35d00c0200485e1058983fa88a63d4516871d496804ac1110a75aa0c3dd4cdf9a8c2576
SSDEEP

24576:yAHnh+eWsN3skA4RV1Hom2KXMmHavUTXC+sP6ylgBSky/jMc9v5:1h+ZkldoPK8YavUTSbvAKIcT

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.electromedica.com
Port:
587
Username:
[email protected]
Password:
2018A723?v
Email To:
[email protected]

Targets

- Target
  
  Después de 4515457428.exe
- Size
  
  1.1MB
- MD5
  
  d1c94003a566f463d0aaa30af416667d
- SHA1
  
  ab5238ffc8f7ea4331fa44ebbdb6691c2cb0bf06
- SHA256
  
  0d49863fcf5e744d33391231182706529b25f3043cef1ec6b187255cfd6cfccf
- SHA512
  
  167442392ede7057e662a5d19311e68712635da6c4a016491dde8eddf35d00c0200485e1058983fa88a63d4516871d496804ac1110a75aa0c3dd4cdf9a8c2576
- SSDEEP
  
  24576:yAHnh+eWsN3skA4RV1Hom2KXMmHavUTXC+sP6ylgBSky/jMc9v5:1h+ZkldoPK8YavUTSbvAKIcT
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan