agenttesla | 6baa7d88418ff396ff940fb4247a20d82e0c54a1544b97a9a738675ff09d7395 | Triage

Sharing

General

Target

WNMKLPOM.exe
Size

776KB
Sample

240910-yhjexs1hnl
MD5

23fa0cbfe43f369add91ec3efa5e10ee
SHA1

1b088335f3a3aca7badbee0ab163b71340757143
SHA256

6baa7d88418ff396ff940fb4247a20d82e0c54a1544b97a9a738675ff09d7395
SHA512

30da1a62628d6e085d98b620e9b7ef705fee1be8a1a7355dd9f1353557480d7e825d2a6d0478977f1421618cb1215327e1648043c079c0bac7fe149a87e41616
SSDEEP

24576:5Vmsfk7iLD5y5eDQmRg0zPhlHfA4AKO9Vz1S2Sz:pqeo0QmR91lI4I9VzUV

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1195357500636147762/wTcRg3fQF-X958tQhh_GUJFHQMIaKcScI699hXJZD2rma64AWMXB3KbXiRQwwWAEc8-8

Targets

- Target
  
  WNMKLPOM.exe
- Size
  
  776KB
- MD5
  
  23fa0cbfe43f369add91ec3efa5e10ee
- SHA1
  
  1b088335f3a3aca7badbee0ab163b71340757143
- SHA256
  
  6baa7d88418ff396ff940fb4247a20d82e0c54a1544b97a9a738675ff09d7395
- SHA512
  
  30da1a62628d6e085d98b620e9b7ef705fee1be8a1a7355dd9f1353557480d7e825d2a6d0478977f1421618cb1215327e1648043c079c0bac7fe149a87e41616
- SSDEEP
  
  24576:5Vmsfk7iLD5y5eDQmRg0zPhlHfA4AKO9Vz1S2Sz:pqeo0QmR91lI4I9VzUV
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan