agenttesla | 1451b7450f81b2642b3621b32c24b99c72619c4c9c35747b794eb111262cf3a8 | Triage

Sharing

General

Target

Request For Quotation RFQ1310.exe
Size

823KB
Sample

240428-kxqwnacd4s
MD5

48c4494e4bff82d39ad2ac8173c65bfb
SHA1

1f7fab7375e94b25dd32bc60fc40a76f43ca8862
SHA256

1451b7450f81b2642b3621b32c24b99c72619c4c9c35747b794eb111262cf3a8
SHA512

0cf2a5d4eddab765e7f8b1a0e56bc51a190b92fdc524ce6584ca64e834007260bd1cb3fa3380c5dea25838c1673dc5fac5e7e3879dbdcb51caf70c78cd5dde86
SSDEEP

24576:52PjKr5BNDgk95z+mdcxk3IzWTaKHfhnlMh:kk5BNskumdcK3L//Mh

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
cash@mpdxb-ae.com
Password:
dKjVwpK4 dKjVwpK4 dKjVwpK4
Email To:
cash@mpdxb-ae.com

Targets

- Target
  
  Request For Quotation RFQ1310.exe
- Size
  
  823KB
- MD5
  
  48c4494e4bff82d39ad2ac8173c65bfb
- SHA1
  
  1f7fab7375e94b25dd32bc60fc40a76f43ca8862
- SHA256
  
  1451b7450f81b2642b3621b32c24b99c72619c4c9c35747b794eb111262cf3a8
- SHA512
  
  0cf2a5d4eddab765e7f8b1a0e56bc51a190b92fdc524ce6584ca64e834007260bd1cb3fa3380c5dea25838c1673dc5fac5e7e3879dbdcb51caf70c78cd5dde86
- SSDEEP
  
  24576:52PjKr5BNDgk95z+mdcxk3IzWTaKHfhnlMh:kk5BNskumdcK3L//Mh
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan