agenttesla | 6d033582691fbfed1308554793024626bcc07d07e904aca0d26f93f2a083893d | Triage

Sharing

General

Target

INV01562.pdf.exe
Size

997KB
Sample

230920-h68fysef6x
MD5

68903a58dc8c61f5b9c13ddf753be9d5
SHA1

1f91c9345407ec20fe08243ffea1db32c8d7fb27
SHA256

6d033582691fbfed1308554793024626bcc07d07e904aca0d26f93f2a083893d
SHA512

00deaad5b6265600c733547f83c58bf668db884656aff28af6a4dcc671fa5764d568551bcc3e37970d132374488163f9dcb4b3eb30f621e6836e6cb7c41a7536
SSDEEP

12288:ADZ08bolxtBHkQMGKx58qTt5MpfMBARLd5h15sHogdEkBPbQpqJ/d2TU0:TtmsKxgpfMCRR5h15sIg6kBPYQP0

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.frontierfulfillment.com.my
Port:
587
Username:
[email protected]
Password:
5_8B6kjVm
Email To:
[email protected]

Targets

- Target
  
  INV01562.pdf.exe
- Size
  
  997KB
- MD5
  
  68903a58dc8c61f5b9c13ddf753be9d5
- SHA1
  
  1f91c9345407ec20fe08243ffea1db32c8d7fb27
- SHA256
  
  6d033582691fbfed1308554793024626bcc07d07e904aca0d26f93f2a083893d
- SHA512
  
  00deaad5b6265600c733547f83c58bf668db884656aff28af6a4dcc671fa5764d568551bcc3e37970d132374488163f9dcb4b3eb30f621e6836e6cb7c41a7536
- SSDEEP
  
  12288:ADZ08bolxtBHkQMGKx58qTt5MpfMBARLd5h15sHogdEkBPbQpqJ/d2TU0:TtmsKxgpfMCRR5h15sIg6kBPYQP0
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan