agenttesla | 90b01e99ca3dc23e4902fb8ea15d61aa872208b47f5ff545561688f19729bfb6 | Triage

Sharing

General

Target

advance payment.exe
Size

566KB
Sample

221018-hzyceafbdr
MD5

05c01ddc8eb7af8cb3c49dfe101db3f9
SHA1

689e211a6e4cdabf6dcd2b0cd20da68c093c6bdb
SHA256

90b01e99ca3dc23e4902fb8ea15d61aa872208b47f5ff545561688f19729bfb6
SHA512

9a388b483f4a860bcc26ac88925dd820d2e8dd9ebd439118692f978f8375116c7ac10c7d717c6ec36c0dddecceed1e015d0aa81e6f366a9e92e6d554956df027
SSDEEP

12288:kB+96l1M2VAIQw1CUHZS2XYgn3A90vvJYRijFo4DViOSkNMSh0:kB+9SLQSHZS2Xhn35hy

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.qualitysolutions.co.in
Port:
587
Username:
[email protected]
Password:
9873335231

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.qualitysolutions.co.in
Port:
587
Username:
[email protected]
Password:
9873335231
Email To:
[email protected]

Targets

- Target
  
  advance payment.exe
- Size
  
  566KB
- MD5
  
  05c01ddc8eb7af8cb3c49dfe101db3f9
- SHA1
  
  689e211a6e4cdabf6dcd2b0cd20da68c093c6bdb
- SHA256
  
  90b01e99ca3dc23e4902fb8ea15d61aa872208b47f5ff545561688f19729bfb6
- SHA512
  
  9a388b483f4a860bcc26ac88925dd820d2e8dd9ebd439118692f978f8375116c7ac10c7d717c6ec36c0dddecceed1e015d0aa81e6f366a9e92e6d554956df027
- SSDEEP
  
  12288:kB+96l1M2VAIQw1CUHZS2XYgn3A90vvJYRijFo4DViOSkNMSh0:kB+9SLQSHZS2Xhn35hy
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan