agenttesla | 55bb5c18efdc2bf8c89ea1adaa9d346099c88c4d6322db74e73ddf267dba0933 | Triage

Sharing

General

Target

9_Shipping Documents.rar
Size

640KB
Sample

250303-l2r5ysvny3
MD5

3cc12a059f3d6bf16dc5a68c24861dab
SHA1

1dea30fe82bbcad6a666f6839036229f10edd88b
SHA256

55bb5c18efdc2bf8c89ea1adaa9d346099c88c4d6322db74e73ddf267dba0933
SHA512

d32c207a2d5d8195fc5709fbdc43b65fdf0de608746c6371d1306d24f19e4aa1c0fdc90bb8ac6e39c1b200cf46d846773a18f77a03054a0779c12dadb60638d1
SSDEEP

12288:4uXUtPd2dJZlMzSq4swuiiN1GGKEt+aY8G/F4QdPijYXyO5Z0Tzgq5hR:qtPAdLlM+swuii/U0+ao9xJ5wcq5n

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ulusallojistik.com
Port:
587
Username:
[email protected]
Password:
%85U67cWRT@
Email To:
[email protected]

Targets

- Target
  
  Shipping Documents.exe
- Size
  
  1.1MB
- MD5
  
  d2284e59c46af4d0ee168bd9402096c8
- SHA1
  
  898b3c5962fc2ab88e978b50e6b26426b3990202
- SHA256
  
  4d6231eb07241ffaf6c68e0ae700b6fcbb43756774e1497fb353704284276f46
- SHA512
  
  c580f31db7545f381a48f812b4c6fc0ee32dd2eaeb3bccca8747c366f19ba18ca4d29372cac529d2182e5410fc6027b084f1f803f2910c9afa12cbf022c046c0
- SSDEEP
  
  24576:BAHnh+eWsN3skA4RV1Hom2KXMmHaxL17mrR38prwXzc5:Yh+ZkldoPK8YaxNmV3Cae
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan