agenttesla | 18b22003c8337f861d0f2116a758dc05e5d03de7a585a24f5cf94ec896153ffb | Triage

Sharing

General

Target

18b22003c8337f861d0f2116a758dc05e5d03de7a585a24f5cf94ec896153ffb
Size

259KB
Sample

250118-bjmseayrdn
MD5

01469b82fa2bd20bdd7356430cc35219
SHA1

a49c5c852c0e4ca464daae6ed78446c64060cdae
SHA256

18b22003c8337f861d0f2116a758dc05e5d03de7a585a24f5cf94ec896153ffb
SHA512

ac0ad7f9d572d6cc8af08ff4eb23ad95c4f9ee43d4520f7d1d863959a1a20a6f29261b3731f2c0a15d63eaeb35fc8c980a2e6ec4ff996a27bae9b888d01d012b
SSDEEP

6144:6g2W2lWoI2MydG7GldO9qDxN+CnwXolbclTr1:l2Nflk2wzv

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
UBnnnstayQMK
Email To:
[email protected]

Targets

- Target
  
  18b22003c8337f861d0f2116a758dc05e5d03de7a585a24f5cf94ec896153ffb
- Size
  
  259KB
- MD5
  
  01469b82fa2bd20bdd7356430cc35219
- SHA1
  
  a49c5c852c0e4ca464daae6ed78446c64060cdae
- SHA256
  
  18b22003c8337f861d0f2116a758dc05e5d03de7a585a24f5cf94ec896153ffb
- SHA512
  
  ac0ad7f9d572d6cc8af08ff4eb23ad95c4f9ee43d4520f7d1d863959a1a20a6f29261b3731f2c0a15d63eaeb35fc8c980a2e6ec4ff996a27bae9b888d01d012b
- SSDEEP
  
  6144:6g2W2lWoI2MydG7GldO9qDxN+CnwXolbclTr1:l2Nflk2wzv
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan