agenttesla | dc5a6c0264dc1bd2b948b6bf82b6912e8d7a8e691f95a2dcac4f7f6f0a5abb1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c790f3aa4af087605d3ca829e9e633f.exe
Size

916KB
Sample

231031-h94beahc4x
MD5

9c790f3aa4af087605d3ca829e9e633f
SHA1

6cf5bba4716741239b0dd1ec49f09cf0a0e28f66
SHA256

dc5a6c0264dc1bd2b948b6bf82b6912e8d7a8e691f95a2dcac4f7f6f0a5abb1e
SHA512

3f39600121dae26ad29f07cdcf8444816814b83bb70ee7884fa9c478adb4a298d0754ba6ce659869f7ffecd0ab03df75794b3e9fb84c516d263ebaae321fc939
SSDEEP

24576:bTbBv5rUNt/HlTycDRyQJjUZfpaOKUSdQYvH:FBetvtZRyQJchKzPvH

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mymobileorder.com
Port:
587
Username:
[email protected]
Password:
Grace@20233

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mymobileorder.com
Port:
587
Username:
[email protected]
Password:
Grace@20233
Email To:
[email protected]

Targets

- Target
  
  9c790f3aa4af087605d3ca829e9e633f.exe
- Size
  
  916KB
- MD5
  
  9c790f3aa4af087605d3ca829e9e633f
- SHA1
  
  6cf5bba4716741239b0dd1ec49f09cf0a0e28f66
- SHA256
  
  dc5a6c0264dc1bd2b948b6bf82b6912e8d7a8e691f95a2dcac4f7f6f0a5abb1e
- SHA512
  
  3f39600121dae26ad29f07cdcf8444816814b83bb70ee7884fa9c478adb4a298d0754ba6ce659869f7ffecd0ab03df75794b3e9fb84c516d263ebaae321fc939
- SSDEEP
  
  24576:bTbBv5rUNt/HlTycDRyQJjUZfpaOKUSdQYvH:FBetvtZRyQJchKzPvH
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan