agenttesla | 6bacf77670384a05f1d69cb99036ad040616b48f2aa42c269b0e7b007ded1a6d | Triage

Sharing

General

Target

dbc9260d15a78fbca519139ac312d3da_JaffaCakes118
Size

434KB
Sample

240912-eq7yps1anp
MD5

dbc9260d15a78fbca519139ac312d3da
SHA1

a69da485e9f1f4ac01ffa9dc14c4a29fb0f91edb
SHA256

6bacf77670384a05f1d69cb99036ad040616b48f2aa42c269b0e7b007ded1a6d
SHA512

160bfbaf46da0ad08a1ee09b251ad6a2340d3e6de3f465182153171dbfe89f14601266b2db3c363eaa79d23d29fd2823418b5fbf2161ac9e601b66aec50d103c
SSDEEP

6144:DMVH0XmQm/h0qEtNRociAnPtwjq1qjqwiE282T7DFI7O6qDpjnKqysR4tvUjPpPq:DrXmQm/hPE/fiAnPtkZ2WR+prKTsUUk

Score

10^/10

agenttesla collection credential_access discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.totallyanonymous.com
Port:
587
Username:
[email protected]
Password:
R$i;Kx25esuR

Targets

- Target
  
  dbc9260d15a78fbca519139ac312d3da_JaffaCakes118
- Size
  
  434KB
- MD5
  
  dbc9260d15a78fbca519139ac312d3da
- SHA1
  
  a69da485e9f1f4ac01ffa9dc14c4a29fb0f91edb
- SHA256
  
  6bacf77670384a05f1d69cb99036ad040616b48f2aa42c269b0e7b007ded1a6d
- SHA512
  
  160bfbaf46da0ad08a1ee09b251ad6a2340d3e6de3f465182153171dbfe89f14601266b2db3c363eaa79d23d29fd2823418b5fbf2161ac9e601b66aec50d103c
- SSDEEP
  
  6144:DMVH0XmQm/h0qEtNRociAnPtwjq1qjqwiE282T7DFI7O6qDpjnKqysR4tvUjPpPq:DrXmQm/hPE/fiAnPtkZ2WR+prKTsUUk
Score

10^/10

agenttesla collection credential_access discovery evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoveryevasionkeyloggerpersistencespywarestealertrojan