agenttesla | 790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2 | Triage

Sharing

General

Target

790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
Size

571KB
Sample

240902-k6fr2sxaml
MD5

b593617f5eff12947ab02c5a41531b58
SHA1

c1b4ae82e976390359e0499ff5e2e4fc80a47ec4
SHA256

790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
SHA512

05eaa7933870f04eb18979975720267f91c286911c8e0727e2d4d3ca259113cfb5027c62b414dc6f75187c6b2cceeac0b74634c2d7a22416cb83277168dfab4d
SSDEEP

12288:UTqrydQ5QqWOvBIHakHMQsnylZV5GurAKyOgRRxyer:UTqeKQqRvB2atQ9ZV5Ge6Ocp

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.synergyinnovationsgroup.com
Port:
587
Username:
[email protected]
Password:
C@p-Y8BoHc#?
Email To:
[email protected]

Targets

- Target
  
  790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
- Size
  
  571KB
- MD5
  
  b593617f5eff12947ab02c5a41531b58
- SHA1
  
  c1b4ae82e976390359e0499ff5e2e4fc80a47ec4
- SHA256
  
  790e71d3ed88746fa4d2c5c15ae60a08ff70b6f6a19f78bd8a4a04101e6751b2
- SHA512
  
  05eaa7933870f04eb18979975720267f91c286911c8e0727e2d4d3ca259113cfb5027c62b414dc6f75187c6b2cceeac0b74634c2d7a22416cb83277168dfab4d
- SSDEEP
  
  12288:UTqrydQ5QqWOvBIHakHMQsnylZV5GurAKyOgRRxyer:UTqeKQqRvB2atQ9ZV5Ge6Ocp
Score

10^/10

discovery agenttesla credential_access keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  014a3be4a7c1ccb217916dbf4f222bd1
- SHA1
  
  9b4c41eb0e84886beb5591d8357155e27f9c68ed
- SHA256
  
  09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8
- SHA512
  
  0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922
- SSDEEP
  
  48:S46+/iTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mMofjLl:zsuPbOBtWZBV8jAWiAJCdv2CmfL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  564bb0373067e1785cba7e4c24aab4bf
- SHA1
  
  7c9416a01d821b10b2eef97b80899d24014d6fc1
- SHA256
  
  7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
- SHA512
  
  22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
- SSDEEP
  
  192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6