agenttesla | 82d825c6842693921ff9436f2c09d7c755dc2489e4711321914f1020dce08bcf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82d825c6842693921ff9436f2c09d7c755dc2489e4711321914f1020dce08bcf_JC.rar
Size

581KB
Sample

230902-ntxrkscd8w
MD5

ed4a464e8bf79ecf805cf7e1c2dcc77a
SHA1

99a562c3e8ad3f40c64b2b5fba0d8f52eed8e312
SHA256

82d825c6842693921ff9436f2c09d7c755dc2489e4711321914f1020dce08bcf
SHA512

6e782cd683af3fd72d3d4ebd62b648e003954c7c7e554dbf7094f6cc03a9f8094712f5966d6202ef70e9d76b9523db823782628d8e5624817ffcb1d703443dc2
SSDEEP

12288:iczMwV2AJKwVpXg+BNpupsFzGE4SBaMfBHCv7Hc6T3Lt/zoeNVn:iYMo2wxhBNMp8iSEhZ0eNV

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.vpindustries.co.in
Port:
587
Username:
[email protected]
Password:
saleS*9988
Email To:
[email protected]

Targets

- Target
  
  overdue invoices pdf.exe
- Size
  
  729KB
- MD5
  
  fbad6ae9a778119e7fa68a4af950ea1d
- SHA1
  
  6cac78884894a7415498c70a8e5bb0818a0535ca
- SHA256
  
  6461077970b9463db60faad97819790772c4b8cf94cc068d6a6524f5b7fc28de
- SHA512
  
  bdb0011bc91e9e0abbbefafdce79e8584cf63971c7f5ba7f73a1b46e6a3839cc033f43c842e3db4f8f435f1c9dea80ef2ff551201d8a00b007a45029dc32ebf4
- SSDEEP
  
  12288:DUOPypIzGfOUmJZeClB3/AaJzD9DhyKftDKUACZKA6Pj5wox9avEFh:DUOPypIzGWUgZxDN5D91bFKULKvPjmo6
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan