agenttesla | 7d6c22243fc187ac7fcc301a9ca4432624e0755100b6fe2e93f8c0ec880df316 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d6c22243fc187ac7fcc301a9ca4432624e0755100b6fe2e93f8c0ec880df316.exe
Size

935KB
Sample

240710-v6jh2starb
MD5

56ab5dc6a2b9432b470aa8d9b1df858e
SHA1

c24a8a35d9d4507e21ca02a2549e910accb3ee35
SHA256

7d6c22243fc187ac7fcc301a9ca4432624e0755100b6fe2e93f8c0ec880df316
SHA512

4d70990228bcc1fd7f3d9579b3c35a99c9ebd463cb08c32f3127158de99a55bbf7c60bf15a94a0836e24726027371ec65a0bab8ae9028950ba5ed3f8c6e5520f
SSDEEP

12288:kgJ14ZdwDwhKDmqHMXf9OYIv3gSrCiKQtHllN51so3eN4/zlQrXBpfCrtORj7avO:kgL4ZdwDwhKDPMVi37f3bfucE3fC02V+

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.lumies.co.za
Port:
587
Username:
[email protected]
Password:
vj$)KFsCyFOr
Email To:
[email protected]

Targets

- Target
  
  7d6c22243fc187ac7fcc301a9ca4432624e0755100b6fe2e93f8c0ec880df316.exe
- Size
  
  935KB
- MD5
  
  56ab5dc6a2b9432b470aa8d9b1df858e
- SHA1
  
  c24a8a35d9d4507e21ca02a2549e910accb3ee35
- SHA256
  
  7d6c22243fc187ac7fcc301a9ca4432624e0755100b6fe2e93f8c0ec880df316
- SHA512
  
  4d70990228bcc1fd7f3d9579b3c35a99c9ebd463cb08c32f3127158de99a55bbf7c60bf15a94a0836e24726027371ec65a0bab8ae9028950ba5ed3f8c6e5520f
- SSDEEP
  
  12288:kgJ14ZdwDwhKDmqHMXf9OYIv3gSrCiKQtHllN51so3eN4/zlQrXBpfCrtORj7avO:kgL4ZdwDwhKDPMVi37f3bfucE3fC02V+
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2