agenttesla

General

Target

50f47ffbad8c8fd86fcd6e91e1b13d36ffc59e8b461be8e0c4639e2df6c47930
Size

1003KB
Sample

250115-bqy41sxraq
MD5

add82623d5a74ee9807c22314f460444
SHA1

a9fa41ec31e11ca6da0f9cca12f213180cc83852
SHA256

50f47ffbad8c8fd86fcd6e91e1b13d36ffc59e8b461be8e0c4639e2df6c47930
SHA512

f012e73d41507bdf8534ca5945a1f6301614f2753dfcfd13825107b1e7667f30616bdab2ecb1f19689fae9f7dfeca538c9bf7428bef0d823dd6d5283eb4fe474
SSDEEP

24576:+eVvjq/LAiPGjGBR+06s2cKkYYVY83puPbVct:JVvjYFujGBM0ojn8cVu

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.stilbo.eu
Port:
587
Username:
[email protected]
Password:
StilBO_#1
Email To:
[email protected]

Targets

- Target
  
  SHIPPING DOCUMENTS#JAN25.exe
- Size
  
  1.4MB
- MD5
  
  7aa4201258e61a128b633b887c1f9a5e
- SHA1
  
  a550b9095dda1247af6071285428c5e870b60f0e
- SHA256
  
  8f979f812f0eba57cae2be575a30bf0622265a594c59ccae90f651fb4ebe25a6
- SHA512
  
  192c19c597b372a0ca5f01d9d5dfe8ae14bbc59ac6f41185246e4c2a8a44f04954a270727d619dc7d95d3439ee4fa1bcc49aa1b35765683870fd94d7100f8616
- SSDEEP
  
  24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aol3MIcAa2ERu8JpcnbJr:CTvC/MTQYxsWR7aoLZDMCJ
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2