agenttesla

General

Target

03032025_0628_REQUESTFORDEMISTER-HOPPERSCALEANDCONVEYORMACHINE.pdf.exe.iso
Size

1.1MB
Sample

250303-hb1gvs1js7
MD5

d07416c63c36dff101804e549a6298e7
SHA1

fcea176ee1908384afb826d1b1d9ca79f2b9c069
SHA256

e07a053e060ade739050f6ca9fe418e4bacda6e489cea2944d47ce457e28b217
SHA512

6ba95a609a3634c5b99adf565dcd3cf5f2d1ab4cb3b2d36df096ecf0d157b28381512c437f073d2d916326891e7f581f35037a5c20db598acdf3dc1eb8315e17
SSDEEP

24576:Eu6J33O0c+JY5UZ+XC0kGso6FajkiRFijUMaLFIWY:+u0c++OCvkGs9FajkiRFcUMaFY

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
graceofgod@amen
Email To:
[email protected]

Targets

- Target
  
  REQUEST FOR DEMISTER, HOPPER SCALE AND CONVEYOR MACHINE.pdf.exe
- Size
  
  1.0MB
- MD5
  
  3117e1fea82124f77a69bb235980a466
- SHA1
  
  6ec1f0dbee329f8b50b28e8db066ed16488dcf8d
- SHA256
  
  08bb478cb1a7ea9b27e688cb320cafd8d91073cb220d3f956b5c135a50d26c86
- SHA512
  
  07b927625a333f03aa034ae23e6fe702d4666cbdcbe1a0f05d42f94ace10141f7ad08cd998533342b6a1989469c6d6394673b92b3e4117131e80fd8ea1279524
- SSDEEP
  
  24576:Au6J33O0c+JY5UZ+XC0kGso6FajkiRFijUMaLFIWY:qu0c++OCvkGs9FajkiRFcUMaFY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2