agenttesla | 291a115f2ec20636b3260fb781cbf7afcca1de4eaa35bae33011bb5200e867bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7957ee20f42e7158e0fd2cd73e17b436.bin
Size

410KB
Sample

230924-b3pfcadc95
MD5

21226500c6f342f184148707f3f26998
SHA1

55a7a6e414057b516a002f5096c1b557bc55ee64
SHA256

291a115f2ec20636b3260fb781cbf7afcca1de4eaa35bae33011bb5200e867bd
SHA512

899a7488f8ead35172bed9ae2627e77a5e7aaab955e0bc60f6f846472c2f4173d50efbf2e66088ccf051ac1c54caef640dee9769d088d8bc29f2699a1d1dd6ac
SSDEEP

6144:Kn56RsIMfj9yIbW+9jcGsjSjJ/9lEOmBf7h6bI+vCkhgNXt4KM7KitaQvmZv3eSR:K5Ks3jk9GsjCJVWOr3hIXGT7KsaQe13J

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
Chibuonyenze8888
Email To:
[email protected]

Targets

- Target
  
  48e030cc0ca1af0e027949d1f16b86226e352065d9bf5eba4ca7719efe61b0cf.exe
- Size
  
  527KB
- MD5
  
  7957ee20f42e7158e0fd2cd73e17b436
- SHA1
  
  aed7c6736ede54b4d4eda9ff3cbb8e510eef2a88
- SHA256
  
  48e030cc0ca1af0e027949d1f16b86226e352065d9bf5eba4ca7719efe61b0cf
- SHA512
  
  853ceb5c1465ff9ec2df913f898710795517f5ca7b787dc63e9b9483d72785311f954e886659dc7592ce74269b65fe93e958ffde4935cf2cc7625217dc0f8fff
- SSDEEP
  
  12288:wuvgIb5G6uxzXlsjuapg2dKhtjWHmYZeIwEw:Zu52gDbYS
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan