agenttesla | d5276411acd4deb25140faf4a84addf56cc1b0b3942d6b999fca2af749afba3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Debit Note.pdf________________________________________________.rar
Size

544KB
Sample

231011-k4rfrsfb47
MD5

2e85adf38d7813ba3ab6d2b3405dfd32
SHA1

82466ee676744b31802d97ceb5c708a1f7281ca8
SHA256

d5276411acd4deb25140faf4a84addf56cc1b0b3942d6b999fca2af749afba3b
SHA512

abebea4cdc6a1736ae54d6b4eb46ec88ea32ae8e079e698e578f681b4e53bcc01ae82541ed1758151d1f31d313ddfd4274107ef64b06d96355a476b2930a7a57
SSDEEP

12288:dquUL5L3AGQJsdRjiQ5kjii6WKeYV8hsD7S/v9hWGo9uewFQRP7dM:dqnNctOgi3j8hQU9S9ueJRDdM

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.expertsconsultgh.co
Port:
587
Username:
[email protected]
Password:
Oppong.2012
Email To:
[email protected]

Targets

- Target
  
  Debit Note.pdf________________________________________________.exe
- Size
  
  615KB
- MD5
  
  7fbb6a922a481a1d1615ea779d924367
- SHA1
  
  35c49e1c3ec5d3b7e9fb176a41080e91d2cca3cd
- SHA256
  
  b6ae3f27029900241bf6ecd397a0686061db57ce48df21098bc27d365fc3139f
- SHA512
  
  5bacc814c9d23576fb81fed513b813cbbd54e2e56746b0f63dfa1c61132774259baaf38f3ab3f77ea8392016e7fdfb65e4ff5fc8f664dfe7c9b4282a7c75fae5
- SSDEEP
  
  12288:7NCyiRJU/Wc5qSf/rEG8sEXccJillYyPGCpG28Uc6u79Hc9+euj2L9:x5FeafogbcJybHpT80u7+oeR9
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan