agenttesla | 05229a0ff809ba54b9bd12a8c7b46985914a25183bffbbeca6c0032cca50e19a | Triage

Sharing

General

Target

05229a0ff809ba54b9bd12a8c7b46985914a25183bffbbeca6c0032cca50e19a
Size

26KB
Sample

250121-bpxjssypcl
MD5

270b8482276a8ae9dfc6fc7eed25de01
SHA1

1aed45ec058abc931b5ab7d549082b6611b63df9
SHA256

05229a0ff809ba54b9bd12a8c7b46985914a25183bffbbeca6c0032cca50e19a
SHA512

b0144b89bb985a71226afb3c0674a33c9c6a5976c0c8c47acd518b6cec7317b821b19259a6f6b119dc60cf12d7f8b0a9ec6bf31b8e9a05e02dcafca8d197e82a
SSDEEP

384:gnpU29FNypT1vJMCQ5DtO+5qConr2+hmVBcl+Fk5WDUny9f3pT/5JTMFvQ2a:gm29SpnZ+Ki+hmFFk5WDUy9vpbTEvQ2a

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  IMG_1050327.exe
- Size
  
  67KB
- MD5
  
  e45056752a5f559a66abc1f765090c9e
- SHA1
  
  74274710275f8b155e9d5c2e8b4ba501103f12da
- SHA256
  
  ee706a6a19c17a2ac333e1234dc449e850eaf2b6180489060e45527ed6d43bd1
- SHA512
  
  63c1ddcfbb1b2a80f0b66df4d9d35e91381010e3d50816e64c1e45fd3ede65efa1d8231a6ae757ab025123eb5db2514de5afff73ba871a11674625d96067be77
- SSDEEP
  
  1536:BxZEDve8odoLHsUAGwVJFrsGd5ZhkoDcP03iInv/mq:B4DtodoLMUAGYJFrsAHcc3rnv/1
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan