agenttesla | 2840713168207a6e525f063d426ea27c80f2257b6c3b78e26c9952335b70d6d7 | Triage

Sharing

General

Target

2840713168207a6e525f063d426ea27c80f2257b6c3b78e26c9952335b70d6d7
Size

633KB
Sample

241017-b4fvlavhlc
MD5

89f6029c3810bbbe19a95e99a0019592
SHA1

5022964edca9610fdb6beb11b7e9bb1e59763f79
SHA256

2840713168207a6e525f063d426ea27c80f2257b6c3b78e26c9952335b70d6d7
SHA512

4013cebbf0b0f39348a4352fd591fffce9113964925b3562f0ca14a82a0b61861e3bf62cb691db6a6e7dcfdb0fcaec50946ce00dc1ffead12f8c8cc1ef9f71c4
SSDEEP

12288:4f+uVTySxwUtix5NQKSekK0oVVU8s5xWonVpZgFCld5E37kAv43gm4YaaG:GjVTXWtx5M3K1c5xWoVAFsDEfm1VaZ

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
nhpe dfhf irbv bqxe

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
nhpe dfhf irbv bqxe
Email To:
[email protected]

Targets

- Target
  
  orig.eml.exe
- Size
  
  781KB
- MD5
  
  b18d405d583c06c41cce7f63c78a802a
- SHA1
  
  28b19058141d53c08948af6b89fd6409b3924ad5
- SHA256
  
  914593c3a4ec4f8b63537ea8bc08079cdace1b6ddcff95d1ede0b49eb11da709
- SHA512
  
  58f65689fb2a58da9a359a5d38b7640857001b546b798c48f7c189b35b87bc6e159cbebf9a54c3e3ffca0eb6362f6be7ae05a65108ef5299e6553e201f24f10d
- SSDEEP
  
  12288:EtmU+gdBSt4tnO5N3KSekX08rVU8t5xWonVp4g0Cla+ve7bAvANa24jV:Et1+GO5Z3XTr5xWoV90sjvzE1
Score

10^/10

discovery execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan