agenttesla | e85c646cbcaeabc47c9b4e77e3ba1a65d27950a6d564cb988c55dee550e42e44 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PDA FILE.XLx.zip
Size

642KB
Sample

231024-l8v57adh99
MD5

aa0744bfdc8e6a693396ec61176236a7
SHA1

ce2534a6f685c450207824250c8756334b31b123
SHA256

e85c646cbcaeabc47c9b4e77e3ba1a65d27950a6d564cb988c55dee550e42e44
SHA512

5cfc75ce6d64b6a92c9d08254381b9083fe0b034e5f2f8a4924b097486cd532ac09fce1a213b08e79d6e41cf2a5682361c84cc930ca7f8ce377ad6ac372df6cb
SSDEEP

12288:P1yTc66TU7mGn48xpKu04EkQYmrQUgcqVLfODJQHdCIYcbrAYMhJY10loB:QTZ7f4CpA4Qd2lZGNQHdCIYcPAJVloB

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.unitechautomations.com
Port:
587
Username:
[email protected]
Password:
Unitech@123
Email To:
[email protected]

Targets

- Target
  
  PDA FILE.XLx.exe
- Size
  
  895KB
- MD5
  
  2cbafb80de0fd64a4279a40c9a4bf3e2
- SHA1
  
  dc7491fd3fc764461ceb813279d148a288ca1c5d
- SHA256
  
  e6b297fc5effcaa65ed935f78e8b663257f447a9f569c4da0411854fe28a75e7
- SHA512
  
  ddaf9d263df4d0a467bb3d004040f8dcc378fa79c9c74dd1b4b58772a22d89fa725538597f6d65ea84fa66cf079a87d2c2f31e7e730f29cafd2d46a8b0ebd79a
- SSDEEP
  
  12288:kIcshsDwXOBwGn48dzKG04mkQ2arQCScqpLfODJQNdCIVfCDMwzAu:72dB14Uzu8Qt2ldGNQNdCIZEX
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan