agenttesla | ae2156b2b5fa97ac3ac3adce726694e8f944b475395108e84b06b6589981685c | Triage

Sharing

General

Target

ae2156b2b5fa97ac3ac3adce726694e8f944b475395108e84b06b6589981685c.7z
Size

36KB
Sample

250114-dh344svmbx
MD5

7a10ef9c5285ae28981fcc63a17369fb
SHA1

212501dba79eebcfe3c73ab452c7205ff4f21b44
SHA256

ae2156b2b5fa97ac3ac3adce726694e8f944b475395108e84b06b6589981685c
SHA512

0b8fa024ed5c51675db24f0f7ffd6298c40de3682db38831b15a73b82c10021a26681558a1ee2b650e0757e3ef2f116f956163c95b19522ab493338b2829d440
SSDEEP

768:vUdGnsUxi19eDZHmR1oLCuZkG7D7rrrZu0SfVj:8YsUwOBmICUkG7jrrZu0g

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  Ref#6010273.exe
- Size
  
  144KB
- MD5
  
  9ab2e43b2fc976d028d975f221df6d78
- SHA1
  
  9fdff00347a9cdaf87edfaaab4a90a4eb4fea8fa
- SHA256
  
  de34da69219e4da77015469778509fc15cb412a8f3c808124eed7a7725c519a0
- SHA512
  
  709d14bcbb1d9338ae4d518e0c525bd2ce66df016f53fb9b4db1c56ea7aea52dea5110d944d4070fd51c8ec25e5d2b5ed39fbd579853343be586470f54a80742
- SSDEEP
  
  1536:9qxqvXwcZM6y4C7cWdCE5v61GzguvoOI0ZJacItGtq5v5VKqWIXUVThUiIC/m8:92qchjx6YHvo2AtGtq5RVKjIWUpC/j
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan