agenttesla | de34da69219e4da77015469778509fc15cb412a8f3c808124eed7a7725c519a0 | Triage

Sharing

General

Target

de34da69219e4da77015469778509fc15cb412a8f3c808124eed7a7725c519a0.exe
Size

144KB
Sample

250114-dtmaqsvpfx
MD5

9ab2e43b2fc976d028d975f221df6d78
SHA1

9fdff00347a9cdaf87edfaaab4a90a4eb4fea8fa
SHA256

de34da69219e4da77015469778509fc15cb412a8f3c808124eed7a7725c519a0
SHA512

709d14bcbb1d9338ae4d518e0c525bd2ce66df016f53fb9b4db1c56ea7aea52dea5110d944d4070fd51c8ec25e5d2b5ed39fbd579853343be586470f54a80742
SSDEEP

1536:9qxqvXwcZM6y4C7cWdCE5v61GzguvoOI0ZJacItGtq5v5VKqWIXUVThUiIC/m8:92qchjx6YHvo2AtGtq5RVKjIWUpC/j

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  de34da69219e4da77015469778509fc15cb412a8f3c808124eed7a7725c519a0.exe
- Size
  
  144KB
- MD5
  
  9ab2e43b2fc976d028d975f221df6d78
- SHA1
  
  9fdff00347a9cdaf87edfaaab4a90a4eb4fea8fa
- SHA256
  
  de34da69219e4da77015469778509fc15cb412a8f3c808124eed7a7725c519a0
- SHA512
  
  709d14bcbb1d9338ae4d518e0c525bd2ce66df016f53fb9b4db1c56ea7aea52dea5110d944d4070fd51c8ec25e5d2b5ed39fbd579853343be586470f54a80742
- SSDEEP
  
  1536:9qxqvXwcZM6y4C7cWdCE5v61GzguvoOI0ZJacItGtq5v5VKqWIXUVThUiIC/m8:92qchjx6YHvo2AtGtq5RVKjIWUpC/j
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan