agenttesla | e4eb120e504ef9a12aa5ae750f8e2c9cc0cd0fc5358f3d9b5a00914e65fd8734 | Triage

Sharing

General

Target

e4eb120e504ef9a12aa5ae750f8e2c9cc0cd0fc5358f3d9b5a00914e65fd8734
Size

528KB
Sample

240909-kdsada1hrg
MD5

c45fc4f2f61fac1c0088499666c6c467
SHA1

16feaf6a213efc264b2ba8ffe61c72cd04c91166
SHA256

e4eb120e504ef9a12aa5ae750f8e2c9cc0cd0fc5358f3d9b5a00914e65fd8734
SHA512

a902e6cf9394d4b2aeb4a7074d000981c2f8c1beee012bac903ff91d090d65be407ff6a9d9a6028341f41ba4f5a5b3d298a9ca246d4756f34794328086b22ec8
SSDEEP

12288:KUJr0Xfbz9oDo7PUSDZAXKkls2oGt5/1nhDyMC/vIK74inFe/zWEbd:K6r0Xfn9ao7soO6kx15nDgIeFeLWEd

Score

10^/10

agenttesla credential_access discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
0nVaQweHLu8RyVL
Email To:
[email protected]

Targets

- Target
  
  Public Holiday mem_Notice 2024.exe
- Size
  
  1018KB
- MD5
  
  ab6a1838bc0306ff528bdbc6c4b00631
- SHA1
  
  806ffe2444a81a17883aa225a685f00a8744500b
- SHA256
  
  e338fccdd4b7cf652e6e6af393184ab56f96a1777afac08ba346002806e89071
- SHA512
  
  4ad4e51415b69028781d51c61e2681be1e9bbc708befa81886b68199485954cecc1ca6c948e35755537f90563304dcbb8d318c089e6f4a01b0f4610135f3841e
- SSDEEP
  
  24576:SAHnh+eWsN3skA4RV1Hom2KXMmHayxQvsQYgYPZ2Zi5U05:Vh+ZkldoPK8YayxQvsuYtD
Score

10^/10

agenttesla credential_access discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerpersistencespywarestealertrojan