agenttesla | 5442d32a6d2e98af9ac2796a9c615388fabef3194dbfea4c7b28254ffaf17e58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PURCHASE ORDER # 12076038 & 12076020.zip
Size

632KB
Sample

221201-jtwgasha82
MD5

d774e8e3917fbd84a4d55f718e5d81e0
SHA1

4ec2dda531e8383a01ec95e762e0668fa31be8d4
SHA256

5442d32a6d2e98af9ac2796a9c615388fabef3194dbfea4c7b28254ffaf17e58
SHA512

de700c85efa0846bef9304ce814798bf9adbeb335a61c75f6579a38621316265bc7a6b43fa12741066c635c36b8a99702851e6a9c5c85947ac0005df75bb146d
SSDEEP

12288:VWPkGiSA4j/pC6OTDwosnfci+zfvYFvimHsKawhoPoy2yf4HQHiB/2GiCt:V9GiSJCbvzgEfv4sKfn12GR

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dmstech.in
Port:
587
Username:
[email protected]
Password:
0]6F9Az.pqfd
Email To:
[email protected]

Targets

- Target
  
  PURCHASE ORDER # 12076038 & 12076020.exe
- Size
  
  811KB
- MD5
  
  c6de6c6bf618e381621a009e0677c80c
- SHA1
  
  3d5a0adf745b6b93e3eb631eea3dd8c4f604acf8
- SHA256
  
  b27f7a44bbe68d1ceb1d8d2b0a81fe4dcb9dc8047080e6a79aaca37b409cf240
- SHA512
  
  f4c396637d3ca0675f53ab53698d2681be6783b88a40aea26eaa2fc134bb9101349075cb0e1c4e40614da11d4528c731f4906b9b1b8f34b47682b53924a7ada4
- SSDEEP
  
  12288:6+XrA9MHA4jxpC6OTDCosnLcc+zfvSFXicHsWaT/T05AtGyiFr5cE8LHWc:KuLCbvx6YfvKsWL5U1NvL
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan