agenttesla | 311cf8453d2d3724a5d2095634c7d03870b983dcc1c357e2ebaa4ef3ddc6fc01 | Triage

Sharing

General

Target

30f590b2370054df8174f027d5b9fa08.bin
Size

719KB
Sample

231112-b2dmfsda49
MD5

631ac303fde243be88c1272fceb0790e
SHA1

e1b141d66320fc823884868c4b62024d7fb5ad85
SHA256

311cf8453d2d3724a5d2095634c7d03870b983dcc1c357e2ebaa4ef3ddc6fc01
SHA512

e5282795f4f6625798e74a13b26306cfce650bbb72608e5e526274adaa26d5556c7aeb8b42b87452a37f612328aabc7c0c8c013e6ba351b5490a1c244ef3e824
SSDEEP

12288:B0Rkcax0ClaVj6+sVu5aIfNkTEJYxPrAjQfUyHoYDCdFYRDrdaon/zsu+C8DFrc:BvSCIVj6+4ugIyPxPE8fUSoY9rnIuuBI

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Loverboy@123
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Loverboy@123

Targets

- Target
  
  533f665f835376d5e5d933654b61bf3ccc2a2c0d2e560a9dca28865721060d28.exe
- Size
  
  850KB
- MD5
  
  30f590b2370054df8174f027d5b9fa08
- SHA1
  
  326d15da39c146089f75ee0eb0d436e900d5801a
- SHA256
  
  533f665f835376d5e5d933654b61bf3ccc2a2c0d2e560a9dca28865721060d28
- SHA512
  
  42d295ca708a25171a3ba94add96e10e22ce73d19cf3e36353c865b1c0c260d4aaa650dbfdeacdc89ae2f52e0896dbcfd8ca2fc66d9ee8a429ab7ca8f504a2db
- SSDEEP
  
  12288:EaDc4nal7XZkjbFGw92i3qJhBoLGjAU28tJEN9g4wjV+dpsW+199dswtUmb:Eic4IT2jbFTci3+UCUOtJEXgBjM+1zH
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan