agenttesla | 030964274f733e0ee36325bb31c5782fcdbaebe2b5b48223f294a86748e6afa8 | Triage

Sharing

General

Target

030964274f733e0ee36325bb31c5782fcdbaebe2b5b48223f294a86748e6afa8.exe
Size

653KB
Sample

250110-rhey6swncy
MD5

2223635bfd2858c030d72df51b6b9bac
SHA1

325ddb9b3d095ef1a185d71dbb1677ef86ee2128
SHA256

030964274f733e0ee36325bb31c5782fcdbaebe2b5b48223f294a86748e6afa8
SHA512

934c5ff2b10f82370781bb0b4e676c95b0dc1e1206d972f173d4239476852ded7e2f6ab3a6506243f4af05bb7217634d6e37967775fd36cf6590364dfa77dbc2
SSDEEP

12288:OT6TNcuLRQi1QKmm/SIo6I6JT/szfpdCM:BayRzzaY/szfXC

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.zoho.eu
Port:
587
Username:
[email protected]
Password:
office12#

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.zoho.eu
Port:
587
Username:
[email protected]
Password:
office12#
Email To:
[email protected]

Targets

- Target
  
  030964274f733e0ee36325bb31c5782fcdbaebe2b5b48223f294a86748e6afa8.exe
- Size
  
  653KB
- MD5
  
  2223635bfd2858c030d72df51b6b9bac
- SHA1
  
  325ddb9b3d095ef1a185d71dbb1677ef86ee2128
- SHA256
  
  030964274f733e0ee36325bb31c5782fcdbaebe2b5b48223f294a86748e6afa8
- SHA512
  
  934c5ff2b10f82370781bb0b4e676c95b0dc1e1206d972f173d4239476852ded7e2f6ab3a6506243f4af05bb7217634d6e37967775fd36cf6590364dfa77dbc2
- SSDEEP
  
  12288:OT6TNcuLRQi1QKmm/SIo6I6JT/szfpdCM:BayRzzaY/szfXC
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan