agenttesla

General

Target

dpetmw.iso
Size

1.8MB
Sample

221020-v2cvpsfcfm
MD5

ed25cc0eca6c94f2dbf6787682f44c96
SHA1

2c204a23fd6f23ad22b10c0b70f90e988cd4903a
SHA256

c0944f847ff90ba9cf6ddb5cc5dfd895dca2d763123385677ff4ff3445a2549d
SHA512

c15a95f278415402d3066455b97f9e50c715a5b9b13a343dec58c674214a8d9df94ca1bdd38804e8c0ab9af71e9ed9dbce0ab395767e0cf1f7b574e45cad1240
SSDEEP

24576:xAOcZT+NxxX3ENpR8SlcRDC14DS8BaCZ73QqQ5SOb2eYz:rRQYSlcNNS8BBbJNz

Score

10^/10

Malware Config

Targets

- Target
  
  IMG17613.EXE
- Size
  
  1.2MB
- MD5
  
  bcd50df1014ab4d7c735c6e5347c3a1e
- SHA1
  
  8e77d53b6388116cafcf49d3b2777ca1dcfe0d1a
- SHA256
  
  2e64e9db47d38ba509cdd4ca9b9ca2a589c9834ac2bde1d8a6e4ea89bbc47fa6
- SHA512
  
  04194528a02dd65810500977b1326c33bb57d716f72b78c128ff865223271a4543d0ef4d69fd2c3b3a8e8195391d2374c81ddf517d55b76e790d49aab10cdaed
- SSDEEP
  
  24576:pAOcZT+NxxX3ENpR8SlcRDC14DS8BaCZ73QqQ5SOb2eYzf:DRQYSlcNNS8BBbJNzf
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2