agenttesla

General

Target

198715585f5e78072c91f99d06b8568baff32aa27ad608ecc7656b52310f4b41
Size

646KB
Sample

240803-bzvsysyejj
MD5

7a9f4ecb43aad378c1bbd757b7a6a309
SHA1

041b56bc8dbd2d50d6725965f3971b7869c6a39d
SHA256

198715585f5e78072c91f99d06b8568baff32aa27ad608ecc7656b52310f4b41
SHA512

6c4f8e40600a0bc49179dc0239b5aa1dbd5873549205efde7492ab974fa9e62cd4cfa2dbde8c9f26507ba0687172f45437b1541b18240a440c46652721f0c5df
SSDEEP

12288:Q8wQoNNnBIhFRF+K6LfDjqnKI44rUnPAtSc6muh3f4ODBUXjIyLbmNHioepHNNgp:sQoNNnBG6zDUP4qUpIu9fXDuXjXbmNC+

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
0TFiRgPxmCJcdSB
Email To:
[email protected]

Targets

- Target
  
  KN_PI_final_Remittance.exe
- Size
  
  1.1MB
- MD5
  
  a35c7aa0093db5706ba9d5717613c16c
- SHA1
  
  b5572cc3c5286bb07e36b5a59103d81135f1471c
- SHA256
  
  accd2ccd2be48b4303154bb87f87d0d6897441c18ca7b16b22fbaa8b68bbacbb
- SHA512
  
  febf64d6e042047c88d56533eec5c19e8cb427ce36d0d1fd642b8e3d65b132f710d4a839488eaea1da2b978444c8b524f554bf237b56f82d91500e56805bc245
- SSDEEP
  
  24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aod0W0+d2nM:4TvC/MTQYxsWR7aoV6
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2