agenttesla

General

Target

Printerhp_Scan shipdocs.pdf.arj
Size

624KB
Sample

240808-n9fg8staqn
MD5

fc411a163621da0f00f1798c0df50ed9
SHA1

b70681897788e31b6510dfc23075ecee1cb9d542
SHA256

c44771fda8ab48c96941445745f13cda96054fdffbe8f9768348a2ceb7a4a1c9
SHA512

589a0bc4d238b4d2b51be80adbd6edb9d3a44300c75db32add6d47f539c6b996077d8d8c7013206d835573dc17f2d87dfcf654b6d0f7179b2845d2219ceb556e
SSDEEP

12288:ZSGXnLkVwqh8qWbaSj0LabqznMRgjczojsbZ1XNnMhXFy8Llc:QG7kuk8iSALabonMR7og9GFbc

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
nW5AoStmqtxtXpA

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
nW5AoStmqtxtXpA
Email To:
[email protected]

Targets

- Target
  
  Printerhp_Scan shipdocs pdf.exe
- Size
  
  648KB
- MD5
  
  682c5f7b82797efe8163e15865817d36
- SHA1
  
  515000c33157ff45f38536d26b3ec092901977c9
- SHA256
  
  30506cb061d4a4acc16ac2885769ea3d6330b923524457e9c1d7d88aad2fc60f
- SHA512
  
  a3724ff879c29d7fe430ec567419c615e439b331322fc7a3e9c2a7c7d3692d62c47bfaab63df107cc6384ae7517197f045aac68fcaaba56e28e343a26155a589
- SSDEEP
  
  12288:WsHzOUNUSB/o5LsI1uwajJ5yvv1l2LiCMaD7YjibZ1XN3ohXFU8LQo:5iUmSB/o5d1ubcv/QYO9qFl
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

UPX packed file

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2