agenttesla | b4c2eb27a46ef76dd83a4f0a6666e9c9034c8a8d3580630dddadf93fb9809d72 | Triage

Sharing

General

Target

b4c2eb27a46ef76dd83a4f0a6666e9c9034c8a8d3580630dddadf93fb9809d72.exe
Size

1.3MB
Sample

250112-exva7aykdq
MD5

07caad0cbd9f69575d7ca662fe9e493f
SHA1

2898698831e9b01f2883f88216840fc23566fd4e
SHA256

b4c2eb27a46ef76dd83a4f0a6666e9c9034c8a8d3580630dddadf93fb9809d72
SHA512

dda0b046f881a1ce3c7e68435511846cbb988820f2b85923c23e5db9858e5d2dbc0d4329d6ffe1fb68423ceccd44875ca4a811d0f3ad93db427ded3d2a4df284
SSDEEP

24576:RphXFfIvZNmXcXhdkvWRC/2HnolvfCrKmSUCjvUXT/iF3pxX5FFCF:Rphah8Z+Riv9MKvU8vUGNpjFO

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
webmaster
Email To:
[email protected]

Targets

- Target
  
  b4c2eb27a46ef76dd83a4f0a6666e9c9034c8a8d3580630dddadf93fb9809d72.exe
- Size
  
  1.3MB
- MD5
  
  07caad0cbd9f69575d7ca662fe9e493f
- SHA1
  
  2898698831e9b01f2883f88216840fc23566fd4e
- SHA256
  
  b4c2eb27a46ef76dd83a4f0a6666e9c9034c8a8d3580630dddadf93fb9809d72
- SHA512
  
  dda0b046f881a1ce3c7e68435511846cbb988820f2b85923c23e5db9858e5d2dbc0d4329d6ffe1fb68423ceccd44875ca4a811d0f3ad93db427ded3d2a4df284
- SSDEEP
  
  24576:RphXFfIvZNmXcXhdkvWRC/2HnolvfCrKmSUCjvUXT/iF3pxX5FFCF:Rphah8Z+Riv9MKvU8vUGNpjFO
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan