agenttesla | f468e71c51b81601ee1c836199470b669e9c5dd83d931890b406dc82744bdd1a | Triage

Sharing

General

Target

Invoice AR20230714N.exe
Size

1022KB
Sample

230717-qvnleach9v
MD5

5a15707348fe2b10d72b2214f9da79a5
SHA1

eb64892227ac7fe63caf8f74d81e90601454fc64
SHA256

f468e71c51b81601ee1c836199470b669e9c5dd83d931890b406dc82744bdd1a
SHA512

1df278f1d9c509638d9e7792dbb1ff8a6916616880afd17ac30c9fcc125fe8eeb7488d5178cc7ccba3f51ceecbd0b518f6cca5fe70fea8f806d1d31608ae23e1
SSDEEP

24576:7gynjGJDNUa3EIZ9m3gZl1tt/XTFz7N5FHH+HHHHHWHVHCUXGHnHHhHraHoeXO:je5T5//XRz7rFHH+HHHHHWHVHCUXGHnt

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
webmail.mdist.us
Port:
587
Username:
[email protected]
Password:
yanin#4321

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.mdist.us
Port:
587
Username:
[email protected]
Password:
yanin#4321
Email To:
[email protected]

Targets

- Target
  
  Invoice AR20230714N.exe
- Size
  
  1022KB
- MD5
  
  5a15707348fe2b10d72b2214f9da79a5
- SHA1
  
  eb64892227ac7fe63caf8f74d81e90601454fc64
- SHA256
  
  f468e71c51b81601ee1c836199470b669e9c5dd83d931890b406dc82744bdd1a
- SHA512
  
  1df278f1d9c509638d9e7792dbb1ff8a6916616880afd17ac30c9fcc125fe8eeb7488d5178cc7ccba3f51ceecbd0b518f6cca5fe70fea8f806d1d31608ae23e1
- SSDEEP
  
  24576:7gynjGJDNUa3EIZ9m3gZl1tt/XTFz7N5FHH+HHHHHWHVHCUXGHnHHhHraHoeXO:je5T5//XRz7rFHH+HHHHHWHVHCUXGHnt
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan