agenttesla | e57cec2b7f54b405b1618129b9328fb7b6ec4dfd4a62c9dc90f8eb3c7d83b898 | Triage

Sharing

General

Target

e57cec2b7f54b405b1618129b9328fb7b6ec4dfd4a62c9dc90f8eb3c7d83b898.exe
Size

1.1MB
Sample

240726-hf657ssbnq
MD5

21ff4cd902c6695abca7f6bfaa605ce3
SHA1

f82fc492fee45356d0ccf32d6b3e262e20ef54c3
SHA256

e57cec2b7f54b405b1618129b9328fb7b6ec4dfd4a62c9dc90f8eb3c7d83b898
SHA512

a69c690f1f8fe4eb376df749ac903645a8da401a3475de9942b2b9dbea93ae34831b3db1572f2a15e10b13ec66abc624114a32f67f0f210792db7a937897627a
SSDEEP

24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8aJgVVWbyzEyY:VTvC/MTQYxsWR7aJ92

Score

10^/10

agenttesla credential_access discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.boekportret.nl
Port:
587
Username:
[email protected]
Password:
pUxp80FzSh
Email To:
[email protected]

Targets

- Target
  
  e57cec2b7f54b405b1618129b9328fb7b6ec4dfd4a62c9dc90f8eb3c7d83b898.exe
- Size
  
  1.1MB
- MD5
  
  21ff4cd902c6695abca7f6bfaa605ce3
- SHA1
  
  f82fc492fee45356d0ccf32d6b3e262e20ef54c3
- SHA256
  
  e57cec2b7f54b405b1618129b9328fb7b6ec4dfd4a62c9dc90f8eb3c7d83b898
- SHA512
  
  a69c690f1f8fe4eb376df749ac903645a8da401a3475de9942b2b9dbea93ae34831b3db1572f2a15e10b13ec66abc624114a32f67f0f210792db7a937897627a
- SSDEEP
  
  24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8aJgVVWbyzEyY:VTvC/MTQYxsWR7aJ92
Score

10^/10

agenttesla credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerpersistencespywarestealertrojan