agenttesla | 369b124b5e5194d40f24773d67f55ea81daca621a8c3633b8879f7185ae69943 | Triage

Sharing

General

Target

369b124b5e5194d40f24773d67f55ea81daca621a8c3633b8879f7185ae69943
Size

90KB
Sample

250115-bvaxzswlhs
MD5

7a3e6b8db40c5f09f23629546075cfad
SHA1

160346e541b0a0ec85bb34f887f95a14b1695841
SHA256

369b124b5e5194d40f24773d67f55ea81daca621a8c3633b8879f7185ae69943
SHA512

803939c3291ca7a0bfab2062263c62e1c12795ed62e6fa0d9049a4e880efac2f84371c5cf0e83d821562c7cdb2aafdda8707c2474e24b0e97674e90cec2aed54
SSDEEP

1536:GifOIxXR14PhutZT3cqLXLbegMFWpVl/mEtcDIJEiInv/mq:G2OIxB1C8tZT3cqLXLbeJWbl/mUdErn1

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  369b124b5e5194d40f24773d67f55ea81daca621a8c3633b8879f7185ae69943
- Size
  
  90KB
- MD5
  
  7a3e6b8db40c5f09f23629546075cfad
- SHA1
  
  160346e541b0a0ec85bb34f887f95a14b1695841
- SHA256
  
  369b124b5e5194d40f24773d67f55ea81daca621a8c3633b8879f7185ae69943
- SHA512
  
  803939c3291ca7a0bfab2062263c62e1c12795ed62e6fa0d9049a4e880efac2f84371c5cf0e83d821562c7cdb2aafdda8707c2474e24b0e97674e90cec2aed54
- SSDEEP
  
  1536:GifOIxXR14PhutZT3cqLXLbegMFWpVl/mEtcDIJEiInv/mq:G2OIxB1C8tZT3cqLXLbeJWbl/mUdErn1
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan