agenttesla

General

Target

4cc75408fbdea5b473d2b825a5b975e173747657dede06e51ee5d61aba6f0a7b
Size

705KB
Sample

240727-mj4lpsxdnc
MD5

f59a285d2a3159f567d70e8fd0961c35
SHA1

00dd28a6d3dd3c0d9405bc0ed48ba38450c876a2
SHA256

4cc75408fbdea5b473d2b825a5b975e173747657dede06e51ee5d61aba6f0a7b
SHA512

b099892deeed4d875a32fc64454db3306039938e7befafe922ff14d6450d9986af686f7ea5d230b288e153e039e44aec9e786d3c681c8bfe1ee8c1d31f40deb0
SSDEEP

12288:XMXAR4hMhKsfDKai65bxxGl0WblbQu+gX2ZvxLXoBfYBObZhvNmqyEybGrG2:XMXAR4ShKGHi65vxylbQuj2Zv9YBfYBQ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mahesh-ent.com
Port:
587
Username:
[email protected]
Password:
M@hesh3981
Email To:
[email protected]

Targets

- Target
  
  eb89a7b195591d21c6f902d02560d4b2d1d1837fd94d404c3211e9f4ae12444d.exe
- Size
  
  1.2MB
- MD5
  
  526951b8056a2710c76cf0a533525dac
- SHA1
  
  65293f6a7d9e556403fdf1404913c0c57bb363e1
- SHA256
  
  eb89a7b195591d21c6f902d02560d4b2d1d1837fd94d404c3211e9f4ae12444d
- SHA512
  
  6b74c10ee5c9f83016e97a17c4b132a77df978017f8fd8a118cd63faa759f65de12db68b6916886c72681e5f7bdaf67ae173b19a45ab1555704e750c883b5447
- SSDEEP
  
  24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8a/6nnjqKoep0fWFi1EgLQ:oTvC/MTQYxsWR7aKjqKoepBi1lL
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2