agenttesla | 5d33f0277c280c3cd3b5dc81a3e49073735ba106503e92a4b653821e730ff6b9 | Triage

Sharing

General

Target

20012025_1541_19012025_F25-Try on pdf.7z
Size

1.1MB
Sample

250120-s4vgeswqcz
MD5

87fa53d78537caa5880650b3bef26968
SHA1

8d0ce688a7936c3c75bc5ed83a6fd0c321d09318
SHA256

5d33f0277c280c3cd3b5dc81a3e49073735ba106503e92a4b653821e730ff6b9
SHA512

908aca44fcfccb47a748bdad85f2e22a6e6994195bfe90a66ade159e6e23bf543dd91df7c3b95d2627b09b931dfc1d1db3af5a6f0894392b2a55d84b59306d71
SSDEEP

24576:NdBy5w0KqCExmvYtp7fi1dy63aIPclSRjKBVr5TqfxgE6mZfSZWPttNIu2Wy00tV:Ndww0KPExC8i1C1lSC85T6mhMWPtDG0k

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
webmaster
Email To:
[email protected]

Targets

- Target
  
  F25-Try on pdf.exe
- Size
  
  1.3MB
- MD5
  
  dbd54a222b7f9aa1abbf19a840421ab7
- SHA1
  
  8555ea63be366d4104ea299223eab6155f7fa107
- SHA256
  
  b31b08dbbbccb893273b1cd7a9f21228eea7dbda46a2723ce34542f641eb6a46
- SHA512
  
  c22bfc1dcdd3d59d7181a3306a897c031a2cf76f9a856f9366ed47f99974b2fb06f957efcd90d3b1c355c989d7d16093635578adf7f4da26a6d923df444aff20
- SSDEEP
  
  24576:WXZiqgJiqzPiWXSRy45jKatSOwdLyroxNz71qE:WQqg8wiWXKaatsbX0E
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan