agenttesla | 7dd01853a735cc03f91169c1e87c336d55488afd779f122e3f7cf67305307158 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Halkbank_Ekstre_20221205_081518_066019.exe
Size

670KB
Sample

221206-rma6saef57
MD5

0e4d4ba3a52b228f88872d7c5f8c6e0b
SHA1

9576a8872aed86e7d12810fef6a3a549805f4f15
SHA256

7dd01853a735cc03f91169c1e87c336d55488afd779f122e3f7cf67305307158
SHA512

874cf11fbfbc6cf21a3068932f48da653484d73612be102ba7dd233f1ffca52aa55ee5c7fa65201d9b80d25214134b9973315ce41b89cc481c4a8771306464e9
SSDEEP

6144:dVZoFUx0/PzAmDTVpkuoHcLhF7yqfR6+XG2BPTBWjApFw24JY5ULvTiD2BYRBxZe:dVZwpzJF6uo8NF7yqp9jFw+07iD2i1F

Score

10^/10

agenttesla collection evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5349655878:AAGnMhpzchQYN5RbZ88-w3gvA1SNsxWo7ts/

Targets

- Target
  
  Halkbank_Ekstre_20221205_081518_066019.exe
- Size
  
  670KB
- MD5
  
  0e4d4ba3a52b228f88872d7c5f8c6e0b
- SHA1
  
  9576a8872aed86e7d12810fef6a3a549805f4f15
- SHA256
  
  7dd01853a735cc03f91169c1e87c336d55488afd779f122e3f7cf67305307158
- SHA512
  
  874cf11fbfbc6cf21a3068932f48da653484d73612be102ba7dd233f1ffca52aa55ee5c7fa65201d9b80d25214134b9973315ce41b89cc481c4a8771306464e9
- SSDEEP
  
  6144:dVZoFUx0/PzAmDTVpkuoHcLhF7yqfR6+XG2BPTBWjApFw24JY5ULvTiD2BYRBxZe:dVZwpzJF6uo8NF7yqp9jFw+07iD2i1F
Score

10^/10

agenttesla collection evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan