agenttesla

General

Target

18cd007045e6d4677d64b2ad12a44619271b4e9a97bb321521d8ce3a7594a764
Size

710KB
Sample

220521-blbsxscaf3
MD5

922f2737a355dfab091d7eb5be3187ac
SHA1

ee2724ce5eeabc272e7e3ed8adfa3fa5d469214e
SHA256

18cd007045e6d4677d64b2ad12a44619271b4e9a97bb321521d8ce3a7594a764
SHA512

7d9a8c64696676a56dc58397939b69611433354f5662d87e28964b0a324c43e3b0222db912fc64500d6d4fcc43da11545741c8d1153ad6baf440683c86d8d755

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.infotaxis.tk
Port:
587
Username:
[email protected]
Password:
?.t$K*cdh)Gj

Targets

- Target
  
  PEDIDO Nº 865.exe
- Size
  
  648KB
- MD5
  
  0034a67d2f8ca4f40c52ec3634805b34
- SHA1
  
  019eec77d77daa3c2db7413c581c70296ad36736
- SHA256
  
  0c92c000cf6c2379961f35355527b1886d053245d90a584d8d7191bcb6ebccb6
- SHA512
  
  7e253be95b6b3100cbeb78dfdbde939207ad839b8301bef893f04c5b12bd28ed7e162c3a2501b5d810e6de80b026ce7c979e17bd06ff0cd3491d9f0d9d488c87
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2