agenttesla | 9bdb5db36a0d82f4cbdc06a3cec49c6ba164be2b7c62e236d3b4ee3c5ebd73a1 | Triage

Sharing

General

Target

AWB #3827747403.exe
Size

967KB
Sample

230310-hgxyxsdf6t
MD5

85e3d11ed86882201474adead2d4b102
SHA1

05348ce84bc06ef24aa4ac35ad35e80cb8725565
SHA256

9bdb5db36a0d82f4cbdc06a3cec49c6ba164be2b7c62e236d3b4ee3c5ebd73a1
SHA512

542ee81c4a37e0f531193e26ab13cec295f57b9656d49616216c7f6e44c254e4aadfa0b8917b270db0364086d83346939382d1be844df752ca989c2814031cac
SSDEEP

12288:Z3yifFlLKHFjcsqUWv2ir0ZNKgjMOQKf5pV2cZD1+RLQT+OGzd70BmuFfJxUWbde:dyiFvTOKgIO7BD2cpdid70BDrSWbrc

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
marcellinus360

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
marcellinus360

Targets

- Target
  
  AWB #3827747403.exe
- Size
  
  967KB
- MD5
  
  85e3d11ed86882201474adead2d4b102
- SHA1
  
  05348ce84bc06ef24aa4ac35ad35e80cb8725565
- SHA256
  
  9bdb5db36a0d82f4cbdc06a3cec49c6ba164be2b7c62e236d3b4ee3c5ebd73a1
- SHA512
  
  542ee81c4a37e0f531193e26ab13cec295f57b9656d49616216c7f6e44c254e4aadfa0b8917b270db0364086d83346939382d1be844df752ca989c2814031cac
- SSDEEP
  
  12288:Z3yifFlLKHFjcsqUWv2ir0ZNKgjMOQKf5pV2cZD1+RLQT+OGzd70BmuFfJxUWbde:dyiFvTOKgIO7BD2cpdid70BDrSWbrc
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan