agenttesla | bd9e8e98b57be42915462ea8282987ebe17d779ead3d4c6461ec9e4d59150b3a | Triage

Sharing

General

Target

7botYDIX478qQdk.exe
Size

694KB
Sample

221205-r8dtssad72
MD5

2daffeb4bfe82105ae4f2a8a0285e452
SHA1

fd74adbc0716f2039cd16eaec2f6e91f968c0973
SHA256

bd9e8e98b57be42915462ea8282987ebe17d779ead3d4c6461ec9e4d59150b3a
SHA512

1c9b71a1b40c927b52a09deeaf506cff3ec799220344bca3f114208f041672869c927b0faabb700c69e41445590f3c65fad6b40446e1b8d54c761504e1725736
SSDEEP

12288:R5PuYd+V6b1momPZefRtOR9t0+6CUPsK2XUDZXipyKLBWeiOxJuui80tPuYd+V6b:bPuYd+V6bIomxiRYRL0+6Ctp2XipNvu7

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5453942321:AAF6CS9julQ6K7s5pxacNALwWJ2A52D0EC4/

Targets

- Target
  
  7botYDIX478qQdk.exe
- Size
  
  694KB
- MD5
  
  2daffeb4bfe82105ae4f2a8a0285e452
- SHA1
  
  fd74adbc0716f2039cd16eaec2f6e91f968c0973
- SHA256
  
  bd9e8e98b57be42915462ea8282987ebe17d779ead3d4c6461ec9e4d59150b3a
- SHA512
  
  1c9b71a1b40c927b52a09deeaf506cff3ec799220344bca3f114208f041672869c927b0faabb700c69e41445590f3c65fad6b40446e1b8d54c761504e1725736
- SSDEEP
  
  12288:R5PuYd+V6b1momPZefRtOR9t0+6CUPsK2XUDZXipyKLBWeiOxJuui80tPuYd+V6b:bPuYd+V6bIomxiRYRL0+6Ctp2XipNvu7
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan