agenttesla | d9092c1ebe261746efcb538fccda3e27c41e8f011ebc03f5983ad8f9a9f88c4a | Triage

Sharing

General

Target

d9092c1ebe261746efcb538fccda3e27c41e8f011ebc03f5983ad8f9a9f88c4a
Size

882KB
Sample

250128-bf3pfssmak
MD5

aab6a4173ceb92692dbe30024299f01e
SHA1

b2dae66489900a449cfb14f66c1413f0a1850108
SHA256

d9092c1ebe261746efcb538fccda3e27c41e8f011ebc03f5983ad8f9a9f88c4a
SHA512

438fb090a40bade88c91dfb05abe6b1ba0474295fd3ebd5b0c14f539b29bca768eaeb20da16bbf809417690881231ae984dfb55b886b486054afd3f0e1be3c54
SSDEEP

24576:5PbkackplDNPSwv33lmaIuYgxEJisWHbJrz5ACBv:5wack7BS8lkgEyl

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
JaR4LTajHPY5
Email To:
[email protected]

Targets

- Target
  
  d9092c1ebe261746efcb538fccda3e27c41e8f011ebc03f5983ad8f9a9f88c4a
- Size
  
  882KB
- MD5
  
  aab6a4173ceb92692dbe30024299f01e
- SHA1
  
  b2dae66489900a449cfb14f66c1413f0a1850108
- SHA256
  
  d9092c1ebe261746efcb538fccda3e27c41e8f011ebc03f5983ad8f9a9f88c4a
- SHA512
  
  438fb090a40bade88c91dfb05abe6b1ba0474295fd3ebd5b0c14f539b29bca768eaeb20da16bbf809417690881231ae984dfb55b886b486054afd3f0e1be3c54
- SSDEEP
  
  24576:5PbkackplDNPSwv33lmaIuYgxEJisWHbJrz5ACBv:5wack7BS8lkgEyl
Score

10^/10

discovery execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  fa299e199922b3ba833be655a8d71b75
- SHA1
  
  4d74c53bb6927a2831df93af26f3e4e4fb007797
- SHA256
  
  49a6a1c1f19574b2a247ce6c5adc0751e046d27c30912816ba415f871b74ae5d
- SHA512
  
  7ceb64d3d826762994c48ffad3ad2234410cbcdbedfce9a2dc03d18915ce22d687173f90e954d7bdb0eae76954c360059ad761aedc48cd7fa4ec29d6094f6a65
- SSDEEP
  
  96:v7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNO38:4N8KgWAuLWxD8ZAGgmkN
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral3

behavioral4