agenttesla | 4d74c5be1cd47d796def0c1fc36aabbef3fbc2f1a8c969153823db4e7d130bc1 | Triage

Sharing

General

Target

4d74c5be1cd47d796def0c1fc36aabbef3fbc2f1a8c969153823db4e7d130bc1
Size

38KB
Sample

250115-bvm8bayjdj
MD5

dce009023659781b440ca4fdbf13ab23
SHA1

9415fa1147479336c4b67606797d789a4359f7ff
SHA256

4d74c5be1cd47d796def0c1fc36aabbef3fbc2f1a8c969153823db4e7d130bc1
SHA512

8155e72c38484eefd0363d3aca646d94df49ea17bddb88d972d903f4f81ad23399aca31c5130329c166f8a31a65e6ca1d37c880c3d89788262f6e775d050aa79
SSDEEP

768:rYaCrxnKW6REqedz/doiSQnBe6+YXobJRfQmuLfEmDYxDjQh0ZPElNoO:rYaCrxz6ExBzSoe6+YXwgLESh0Z4NoO

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  Ref#0741022.exe
- Size
  
  90KB
- MD5
  
  7a3e6b8db40c5f09f23629546075cfad
- SHA1
  
  160346e541b0a0ec85bb34f887f95a14b1695841
- SHA256
  
  369b124b5e5194d40f24773d67f55ea81daca621a8c3633b8879f7185ae69943
- SHA512
  
  803939c3291ca7a0bfab2062263c62e1c12795ed62e6fa0d9049a4e880efac2f84371c5cf0e83d821562c7cdb2aafdda8707c2474e24b0e97674e90cec2aed54
- SSDEEP
  
  1536:GifOIxXR14PhutZT3cqLXLbegMFWpVl/mEtcDIJEiInv/mq:G2OIxB1C8tZT3cqLXLbeJWbl/mUdErn1
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan