agenttesla

General

Target

8f979f812f0eba57cae2be575a30bf0622265a594c59ccae90f651fb4ebe25a6
Size

1.4MB
Sample

250115-bp1w8awkd1
MD5

7aa4201258e61a128b633b887c1f9a5e
SHA1

a550b9095dda1247af6071285428c5e870b60f0e
SHA256

8f979f812f0eba57cae2be575a30bf0622265a594c59ccae90f651fb4ebe25a6
SHA512

192c19c597b372a0ca5f01d9d5dfe8ae14bbc59ac6f41185246e4c2a8a44f04954a270727d619dc7d95d3439ee4fa1bcc49aa1b35765683870fd94d7100f8616
SSDEEP

24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aol3MIcAa2ERu8JpcnbJr:CTvC/MTQYxsWR7aoLZDMCJ

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.stilbo.eu
Port:
587
Username:
[email protected]
Password:
StilBO_#1
Email To:
[email protected]

Targets

- Target
  
  8f979f812f0eba57cae2be575a30bf0622265a594c59ccae90f651fb4ebe25a6
- Size
  
  1.4MB
- MD5
  
  7aa4201258e61a128b633b887c1f9a5e
- SHA1
  
  a550b9095dda1247af6071285428c5e870b60f0e
- SHA256
  
  8f979f812f0eba57cae2be575a30bf0622265a594c59ccae90f651fb4ebe25a6
- SHA512
  
  192c19c597b372a0ca5f01d9d5dfe8ae14bbc59ac6f41185246e4c2a8a44f04954a270727d619dc7d95d3439ee4fa1bcc49aa1b35765683870fd94d7100f8616
- SSDEEP
  
  24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aol3MIcAa2ERu8JpcnbJr:CTvC/MTQYxsWR7aoLZDMCJ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2