agenttesla | 9d5c9364085d102a3da151732b74e99b9fa233993d892e6a7195c2489e999676 | Triage

Sharing

General

Target

9d5c9364085d102a3da151732b74e99b9fa233993d892e6a7195c2489e999676
Size

1.1MB
Sample

250110-bev8zswpdt
MD5

d170ac09fa52b24be85d50b6c4d0e8c9
SHA1

7d5274265a46e2bb7eab5cee7a4c742aa842ad28
SHA256

9d5c9364085d102a3da151732b74e99b9fa233993d892e6a7195c2489e999676
SHA512

5d7a3fb11b99af0d637d51738adacae04748cd3cbbc4dbe48e87f2fd9af07b984381ab84ac9b66349167ed391058770505d68944f31b6f5336e4267d246f7a53
SSDEEP

24576:aJpTq4bP+X6AdDPC5d9+VhzKnFzJ91RhTMqlMI3xpH+8i+ft3H6BpJB/:mpTzbmqAdDPC5d2hzKFP1Rhgqlxf/iM4

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
webmaster
Email To:
[email protected]

Targets

- Target
  
  Bank Confirmation.exe
- Size
  
  1.3MB
- MD5
  
  bc7eec0250c3a7f1a37666faf6e700ee
- SHA1
  
  1bbb105ab39e7064fe401bd0a343b7875733c9c3
- SHA256
  
  83881078433d2f3b45693e6296ed7b274c7593d7cbad3da191c6dac3aa9a3e52
- SHA512
  
  21a3ae35f65cfd5c9e59c5b44693d280f4814bdc5b6074ad86149cd053d033695dcf88d855adb541db08822e8936afea8dfc7fc9f4b800298b0f39d4c842c177
- SSDEEP
  
  24576:JTZeu+P7oCP+cMKvm6pUfTAv7iWNfcVbMWrszcX+Pv3Mw1qR:5+TfqqIAjJNEVb7ybPv3MR
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan