agenttesla | 04ef3d5a26ad149fa0158024f42dfba860e23608cc9970626e028f982885613c | Triage

Sharing

General

Target

00382562524253626_1.zip
Size

479KB
Sample

230504-hys2asce3x
MD5

92ff1700aff817894be524aeeb3f801e
SHA1

e01aedfbe4af28478c5d7f9baa76cfb7c6e27d20
SHA256

04ef3d5a26ad149fa0158024f42dfba860e23608cc9970626e028f982885613c
SHA512

6da1e2b27d2c44a4b69df7c4b5b85b4b0a871f4125bc0d57c55ef89280c2e5317091cdd31d7c2b89042b1db7d2a17a18ee4c38daca09db6cdb73fed0e30f043e
SSDEEP

12288:TTxeh2RajKdn8vWTHknhOFwKYJyUHSrN7Q/eK0Lh:TTxeiaGmINKLJhSrNM/4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.ionos.com
Port:
587
Username:
[email protected]
Password:
goodGod4real2023?.
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.com
Port:
587
Username:
[email protected]
Password:
goodGod4real2023?.

Targets

- Target
  
  00382562524253626.exe
- Size
  
  572KB
- MD5
  
  89c36bdf74a2c15aef18f4725ad37a70
- SHA1
  
  69fccaad6915755256b68f7f422c946dc1a69041
- SHA256
  
  f72ee457b7e53954dc20479dc5ae8eb4f7ad0674235292a8c348772f875b52ab
- SHA512
  
  1c2a0d20a122b7b919392842d6f08f31498bd2a84e0f7ca91dda99befa8b4b2e726ad00e5bf3b2992396c0ad99fb92a6513a9a63d26f4972c0186ba33f592292
- SSDEEP
  
  12288:F3fRnGP8BW77kzFOFIwY14UjSrN78/YEQ:zMK2NGh1TSrNw/2
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan