agenttesla

General

Target

3c81f7d44209450901c1d9fc09cccd3e6b295692bb6ce0de0d8687e5c14e76d4
Size

526KB
Sample

240907-syaj3asfma
MD5

a87f31cda14bda48c769fa980feb2a1e
SHA1

100b3a61a474a499a163f45eb12c50aaa50f2a32
SHA256

3c81f7d44209450901c1d9fc09cccd3e6b295692bb6ce0de0d8687e5c14e76d4
SHA512

754a11aae74f47647f2406d0ded7b22306aaf50de3eacc3f3d78239aca47e81ebffea2735f0f546494312bfc051b5933d793dcf9bb354e2339061200a3e93330
SSDEEP

12288:1ZWu39PRgd41FAtSac5bOWAt4wmm3qpHjsiz0KlZPe4fRPEaS:1wGPRgdJtSac5CWNYiwKlZPxR8L

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mahesh-ent.com
Port:
587
Username:
[email protected]
Password:
M@hesh3981
Email To:
[email protected]

Targets

- Target
  
  d3956670c2fb4ab0739bff8f47efc5f6accc848960a9ec11e8bb1849dfc8a59d.exe
- Size
  
  551KB
- MD5
  
  235fd45bf6dbc62b5310a71e761ee5a6
- SHA1
  
  3ffdfbd18c6259fbc62c3cdc1f82977f9808143a
- SHA256
  
  d3956670c2fb4ab0739bff8f47efc5f6accc848960a9ec11e8bb1849dfc8a59d
- SHA512
  
  ed7b8ec2019001dfc16ab8161579104cb0d7adf7795507d23d0ddd3a0b455b46d7844e30e56bdf07567c7bff0be124b4d4ad93ad7310bc6c1817b28b3c417d82
- SSDEEP
  
  12288:3YV6MorX7qzuC3QHO9FQVHPF51jgc322X3x+XorsE5hl7qS:EBXu9HGaVH35X34pE5hlR
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

UPX packed file

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2