agenttesla | 88f9a205f2b142304fe21997e0b0c06bf4d7b0277a9aff15d464aa3c332a3a33 | Triage

Sharing

General

Target

88f9a205f2b142304fe21997e0b0c06bf4d7b0277a9aff15d464aa3c332a3a33
Size

425KB
Sample

250117-bfhpaaxkaw
MD5

6ac59cdf812e078404ced310c700a2d1
SHA1

cd655766af34c595a16fe232320349a39351e95b
SHA256

88f9a205f2b142304fe21997e0b0c06bf4d7b0277a9aff15d464aa3c332a3a33
SHA512

efb305af2a083d4b4137e2f87f37d26a1359f5eefeae61f1c0f422d5473b1d6c5c19f95751ce2d17fadb3656a51fd93d80d5ee7da74090c54a728230cb42b1ba
SSDEEP

6144:zCPXpKOghAzCyl96vNfrX+80jcBODVWKxpQP6Pq/9GjBr1:uXpC05l96lDXHA/xpRq/ojL

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  88f9a205f2b142304fe21997e0b0c06bf4d7b0277a9aff15d464aa3c332a3a33
- Size
  
  425KB
- MD5
  
  6ac59cdf812e078404ced310c700a2d1
- SHA1
  
  cd655766af34c595a16fe232320349a39351e95b
- SHA256
  
  88f9a205f2b142304fe21997e0b0c06bf4d7b0277a9aff15d464aa3c332a3a33
- SHA512
  
  efb305af2a083d4b4137e2f87f37d26a1359f5eefeae61f1c0f422d5473b1d6c5c19f95751ce2d17fadb3656a51fd93d80d5ee7da74090c54a728230cb42b1ba
- SSDEEP
  
  6144:zCPXpKOghAzCyl96vNfrX+80jcBODVWKxpQP6Pq/9GjBr1:uXpC05l96lDXHA/xpRq/ojL
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan