agenttesla | b783c5832811d3db58d0292068625dd18afb76101d3ad9724c941946d93add9d | Triage

Sharing

General

Target

CONG TY TNHH RAISING VIETNAM - USD 5850.00pdf.tar
Size

1.2MB
Sample

240907-tk8qdasblq
MD5

5a10f52ac2eade5f8c3074876bd25846
SHA1

af2329e7dfdd4f50e59ab453bcb21f2a316e52b9
SHA256

b783c5832811d3db58d0292068625dd18afb76101d3ad9724c941946d93add9d
SHA512

faeb02612925c5507c54f13baaa09982c17e2cf358c2f40b0acb9932f5e7054271d3a78edefcd248ee45e1de1806640e1f84336984e6638744d913f6d72a19f5
SSDEEP

24576:eJ+1xwtAQSl/+1+LqxbmSrMixFawpA8W8:eUmolE7xbmCFSn8

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
Asaprocky11
Email To:
[email protected]

Targets

- Target
  
  CONG TY TNHH RAISING VIETNAM - USD 5850.00pdf.exe
- Size
  
  1.2MB
- MD5
  
  bf18b7e885f313bb968e77db5211253f
- SHA1
  
  cef69c725141d46d3223de5240aceda86b641b57
- SHA256
  
  46ec294043413ecec9c6a8fa2c8a70d99abdc0d00003b6d31d795a76e50c7a60
- SHA512
  
  e8876eea97e98098ea0ad57825b258c698168ce5e0d08bbf094521444a15cf720ed5797db281ef868f8d0f439683436db3a93064bf2558de0d230920f6bd5173
- SSDEEP
  
  24576:NJ+1xwtAQSl/+1+LqxbmSrMixFawpA8W8:NUmolE7xbmCFSn8
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan