agenttesla | f39539ed54f4562c9bd63e12dad18e036af8e29daf516ace2e0ef9e80d724849 | Triage

Sharing

General

Target

payload_unpacked
Size

239KB
Sample

250113-l2dbssxpfz
MD5

28570ed5fb1cd51e26ac2343264d52d1
SHA1

cc90e15740afd253f942627c64922b029b76c51d
SHA256

f39539ed54f4562c9bd63e12dad18e036af8e29daf516ace2e0ef9e80d724849
SHA512

649c5aeb5c7210f79ee3699d98f37680a205884656886aacc3cae0fb313c6398729ff95c8d727dd9a8a49ce0ed1e29783708cc53cb1df44b7e16d1dfe48893d8
SSDEEP

3072:lI8oEY1RPKXHGhxLGGNDMJwtFyFSF9Yd5xDCpS85t:lI8oEY1RPKXmFMJZFSF9Ywpb

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bfm.com.mk
Port:
587
Username:
[email protected]
Password:
Sonja1234@@4321
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.bfm.com.mk
Port:
587
Username:
[email protected]
Password:
Sonja1234@@4321

Targets

- Target
  
  payload_unpacked
- Size
  
  239KB
- MD5
  
  28570ed5fb1cd51e26ac2343264d52d1
- SHA1
  
  cc90e15740afd253f942627c64922b029b76c51d
- SHA256
  
  f39539ed54f4562c9bd63e12dad18e036af8e29daf516ace2e0ef9e80d724849
- SHA512
  
  649c5aeb5c7210f79ee3699d98f37680a205884656886aacc3cae0fb313c6398729ff95c8d727dd9a8a49ce0ed1e29783708cc53cb1df44b7e16d1dfe48893d8
- SSDEEP
  
  3072:lI8oEY1RPKXHGhxLGGNDMJwtFyFSF9Yd5xDCpS85t:lI8oEY1RPKXmFMJZFSF9Ywpb
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan