agenttesla | 4d90b646a2076b8428d52c2975af86c02c27440aa871170bdefb5b5befcb3fa4 | Triage

Sharing

General

Target

4d90b646a2076b8428d52c2975af86c02c27440aa871170bdefb5b5befcb3fa4_JC.rar
Size

569KB
Sample

230930-pfr5lsda82
MD5

72382c50f31c8916e747a15310028f18
SHA1

5ca2ec0013998696ce1e8da325826a15ca3170e3
SHA256

4d90b646a2076b8428d52c2975af86c02c27440aa871170bdefb5b5befcb3fa4
SHA512

ad0e074cf579d142c0b3d7ded2d27eaacfbc5f26e67da7d7a7d60c2601277acccb202c0d42b78cb16c3af71251ed27fc9e6f12935a368124d6460c79d8cd541d
SSDEEP

12288:Z7CA1D5irXJmFVI+om9DrPpaIOhLdZx/TsdsWzclT8bJWB1ju5LAcZ+:ZmA1tijsFqNPhLBTsd754K+j

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.expertsconsultgh.co
Port:
587
Username:
[email protected]
Password:
Oppong.2012
Email To:
[email protected]

Targets

- Target
  
  EURO 387,226.pdf__________________________________________________________.exe
- Size
  
  620KB
- MD5
  
  e2a60cce724a792579929edcc3304072
- SHA1
  
  d5b1f3629656ff04f10f7a07e459f58eec5265fe
- SHA256
  
  b0f78bdc2bfc668fc39e8735344d5c6ca8f78290132b70734c76dbf436c41c44
- SHA512
  
  fb6268700c6a7b535bbc0a2460ac75952e839c42533ba63aab750d334c934be66d2ca1233067155b136a5a09e0a23af35d765158a8d25fd03e4dfcc02d379a4e
- SSDEEP
  
  12288:1B2iN4yiRJU/WcY5dT7szGcxwtUhBBmcYCLG/o0HdwjhGS0mZ1czKLNwcInJw3:r19FeX5dTgCMw0sCLG/oadIhHvcOJQnJ
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan