agenttesla

General

Target

54fcd5bae297729f5d6535ac15ff0cb203ffafd6df5e62f69b722ef6515f17b3
Size

1019KB
Sample

241122-blzvra1mev
MD5

3c792f2bce691ea44f2298245e605b55
SHA1

6cc74defed7fa682ddd20ce8815680b472cbcb04
SHA256

54fcd5bae297729f5d6535ac15ff0cb203ffafd6df5e62f69b722ef6515f17b3
SHA512

cfbf9b6c34c77fa56a8dc0f8e94ec340e426549b354b3b5ef4d7321e8af7b1689f47061ae325d7a220e3b0bc8568b5cc968c527aef5788503d09747cf86d61e6
SSDEEP

24576:5AHnh+eWsN3skA4RV1Hom2KXMmHarAT26CGXJ8zSXW5hB5:Ah+ZkldoPK8Yar+269J8Jf

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jeanclutchgroup.top
Port:
587
Username:
[email protected]
Password:
os8Nkq9A~qSn
Email To:
[email protected]

Targets

- Target
  
  54fcd5bae297729f5d6535ac15ff0cb203ffafd6df5e62f69b722ef6515f17b3
- Size
  
  1019KB
- MD5
  
  3c792f2bce691ea44f2298245e605b55
- SHA1
  
  6cc74defed7fa682ddd20ce8815680b472cbcb04
- SHA256
  
  54fcd5bae297729f5d6535ac15ff0cb203ffafd6df5e62f69b722ef6515f17b3
- SHA512
  
  cfbf9b6c34c77fa56a8dc0f8e94ec340e426549b354b3b5ef4d7321e8af7b1689f47061ae325d7a220e3b0bc8568b5cc968c527aef5788503d09747cf86d61e6
- SSDEEP
  
  24576:5AHnh+eWsN3skA4RV1Hom2KXMmHarAT26CGXJ8zSXW5hB5:Ah+ZkldoPK8Yar+269J8Jf
Score

10^/10

agenttesla collection discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2