agenttesla | 811c3bc1522befd341813230bfdc0026f903eed76c4314d9a532c38acfaeab1f | Triage

Sharing

General

Target

811c3bc1522befd341813230bfdc0026f903eed76c4314d9a532c38acfaeab1f
Size

614KB
Sample

240909-rjnmpsscpr
MD5

981cc5b26fea72e118589daff8c39d2f
SHA1

3799d6fc8cb7c736a0ff010c8bdc5f8665c146f2
SHA256

811c3bc1522befd341813230bfdc0026f903eed76c4314d9a532c38acfaeab1f
SHA512

8d66b39ff9e4684aa028eaa22bcfa266d830f334c4974feef05f76a4b2ef52807781d98c33d5edd4274f4f4c5e5e7462eb6b9ea6ec0e731e99768276f2914730
SSDEEP

12288:wQ5oCwjs38mpkPBb4fyIOVACJxftK013V6IEbieJmnnA:to5YpkPBbErOVbJF71wbZEnA

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
Asaprocky11
Email To:
[email protected]

Targets

- Target
  
  CONG TY TNHH RAISING VIETNAM - USD 5850.00pdf.exe
- Size
  
  1.2MB
- MD5
  
  bf18b7e885f313bb968e77db5211253f
- SHA1
  
  cef69c725141d46d3223de5240aceda86b641b57
- SHA256
  
  46ec294043413ecec9c6a8fa2c8a70d99abdc0d00003b6d31d795a76e50c7a60
- SHA512
  
  e8876eea97e98098ea0ad57825b258c698168ce5e0d08bbf094521444a15cf720ed5797db281ef868f8d0f439683436db3a93064bf2558de0d230920f6bd5173
- SSDEEP
  
  24576:NJ+1xwtAQSl/+1+LqxbmSrMixFawpA8W8:NUmolE7xbmCFSn8
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2