agenttesla | 790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2 | Triage

Sharing

General

Target

790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
Size

571KB
Sample

240902-g6jxxsvflc
MD5

b593617f5eff12947ab02c5a41531b58
SHA1

c1b4ae82e976390359e0499ff5e2e4fc80a47ec4
SHA256

790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
SHA512

05eaa7933870f04eb18979975720267f91c286911c8e0727e2d4d3ca259113cfb5027c62b414dc6f75187c6b2cceeac0b74634c2d7a22416cb83277168dfab4d
SSDEEP

12288:UTqrydQ5QqWOvBIHakHMQsnylZV5GurAKyOgRRxyer:UTqeKQqRvB2atQ9ZV5Ge6Ocp

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.synergyinnovationsgroup.com
Port:
587
Username:
[email protected]
Password:
C@p-Y8BoHc#?
Email To:
[email protected]

Targets

- Target
  
  790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
- Size
  
  571KB
- MD5
  
  b593617f5eff12947ab02c5a41531b58
- SHA1
  
  c1b4ae82e976390359e0499ff5e2e4fc80a47ec4
- SHA256
  
  790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
- SHA512
  
  05eaa7933870f04eb18979975720267f91c286911c8e0727e2d4d3ca259113cfb5027c62b414dc6f75187c6b2cceeac0b74634c2d7a22416cb83277168dfab4d
- SSDEEP
  
  12288:UTqrydQ5QqWOvBIHakHMQsnylZV5GurAKyOgRRxyer:UTqeKQqRvB2atQ9ZV5Ge6Ocp
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan