agenttesla | 22d0d0c5b3370c3bd0daf3573a3257dcfe6826b3d5fb9ad381060f22b1324114 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Fuyao Glass L460 - Overdue Statements.exe
Size

1.0MB
Sample

230308-n5f8zaff41
MD5

8e4e7a200226d1efd465e94790aaea61
SHA1

b02a1655abbda9d182f4d103331011c38951c9d1
SHA256

22d0d0c5b3370c3bd0daf3573a3257dcfe6826b3d5fb9ad381060f22b1324114
SHA512

0ef9cd2376ecc9b6b7b6bf21f5097392d295b46e33efffc1bade3eb934d59ce156b827ea3fc33014f22252a471e43ba02a76fef54b0c05a9b8157ac304d47fab
SSDEEP

24576:0Az299W5VBxLYwoj27pgJEfJee7BX9LdYcPZ2KcBgzop:Z2rW5VBW1SpgJAvYcBOBd

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mdist.us
Port:
587
Username:
[email protected]
Password:
Jobs#4321
Email To:
[email protected]

Targets

- Target
  
  Fuyao Glass L460 - Overdue Statements.exe
- Size
  
  1.0MB
- MD5
  
  8e4e7a200226d1efd465e94790aaea61
- SHA1
  
  b02a1655abbda9d182f4d103331011c38951c9d1
- SHA256
  
  22d0d0c5b3370c3bd0daf3573a3257dcfe6826b3d5fb9ad381060f22b1324114
- SHA512
  
  0ef9cd2376ecc9b6b7b6bf21f5097392d295b46e33efffc1bade3eb934d59ce156b827ea3fc33014f22252a471e43ba02a76fef54b0c05a9b8157ac304d47fab
- SSDEEP
  
  24576:0Az299W5VBxLYwoj27pgJEfJee7BX9LdYcPZ2KcBgzop:Z2rW5VBW1SpgJAvYcBOBd
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan