agenttesla

General

Target

ce46e26eae5bbf50d9ea07bb76b77addedbb3bb8282356e88bdc9da54b6e929f.exe
Size

1.2MB
Sample

240807-cm737ayanj
MD5

ec786fad02a45cd0c757e5188f194389
SHA1

dc0f16c4a56e632ff256c5fef9a098e4b7014206
SHA256

ce46e26eae5bbf50d9ea07bb76b77addedbb3bb8282356e88bdc9da54b6e929f
SHA512

a97c25426cc65ecb7d20d5b435d6c103c13630077a39168d9de211355acc1556a41610cf1a5cc334c4951f34ef95fc0e939f2d38b2be0612d315f184f3912716
SSDEEP

24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8aMx/gW/miUUMPD8J9o:gTvC/MTQYxsWR7aMGW/VUUMrE

Score

10^/10

Malware Config

Targets

- Target
  
  ce46e26eae5bbf50d9ea07bb76b77addedbb3bb8282356e88bdc9da54b6e929f.exe
- Size
  
  1.2MB
- MD5
  
  ec786fad02a45cd0c757e5188f194389
- SHA1
  
  dc0f16c4a56e632ff256c5fef9a098e4b7014206
- SHA256
  
  ce46e26eae5bbf50d9ea07bb76b77addedbb3bb8282356e88bdc9da54b6e929f
- SHA512
  
  a97c25426cc65ecb7d20d5b435d6c103c13630077a39168d9de211355acc1556a41610cf1a5cc334c4951f34ef95fc0e939f2d38b2be0612d315f184f3912716
- SSDEEP
  
  24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8aMx/gW/miUUMPD8J9o:gTvC/MTQYxsWR7aMGW/VUUMrE
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2