agenttesla | eaa1500a912c036b7f19b85d7dcbd8b62a9c9affaef759f69e2e5d79ee79592c | Triage

Sharing

General

Target

BancaNet Empresarial_Citibanamex_3009.bat
Size

77.0MB
Sample

241004-swcawa1hmn
MD5

31dab53ef0894ef79f2016da7b629f97
SHA1

b54e30aa7d4c9c0d31ca0f9030045cfae0d06b07
SHA256

eaa1500a912c036b7f19b85d7dcbd8b62a9c9affaef759f69e2e5d79ee79592c
SHA512

d2086953797144be293e409d1b5b906cc1ab2568e0b4802fcf0afbcacaa4da0abcd45781baa82222f418395236dd5add90b2d64ac0f228eebdc4ff6fb8d3a011
SSDEEP

24576:ffmMv6Ckr7Mny5QL3YLZBQCbOKl3d63sBIJ7n:f3v+7/5QLAFb9K319

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.flujoauditorias.cl
Port:
587
Username:
[email protected]
Password:
l;0jGu7J;z_a

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flujoauditorias.cl
Port:
587
Username:
[email protected]
Password:
l;0jGu7J;z_a
Email To:
[email protected]

Targets

- Target
  
  BancaNet Empresarial_Citibanamex_3009.bat
- Size
  
  77.0MB
- MD5
  
  31dab53ef0894ef79f2016da7b629f97
- SHA1
  
  b54e30aa7d4c9c0d31ca0f9030045cfae0d06b07
- SHA256
  
  eaa1500a912c036b7f19b85d7dcbd8b62a9c9affaef759f69e2e5d79ee79592c
- SHA512
  
  d2086953797144be293e409d1b5b906cc1ab2568e0b4802fcf0afbcacaa4da0abcd45781baa82222f418395236dd5add90b2d64ac0f228eebdc4ff6fb8d3a011
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QL3YLZBQCbOKl3d63sBIJ7n:f3v+7/5QLAFb9K319
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan