agenttesla | 6398b922ae61c54c8ccc93725d584c8e3f0c3005716cd21fd63fb79e3bc78836 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2.exe
Size

1.2MB
Sample

231115-rlqvvabc66
MD5

f1f4e44db60a703626fbec7f85cc134e
SHA1

33aec5ec1bdfdf55b4b0f53eed4633322a155e07
SHA256

6398b922ae61c54c8ccc93725d584c8e3f0c3005716cd21fd63fb79e3bc78836
SHA512

370332d5d7a0b46fa14289e2383742cb2389d823974ed73b25b9b8c50fe362b57515ba209b55bc9a393c8b5ba9c10e1993c5186ce81fcbded191cf322e9fd353
SSDEEP

24576:e0/2xXHPeR1C4PcEJ902Ai+ShpP8rnI4zPE60:qxXHPeR15cEJbTvsnI4f0

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.unitechautomations.com
Port:
587
Username:
[email protected]
Password:
Unitech@123
Email To:
[email protected]

Targets

- Target
  
  2.exe
- Size
  
  1.2MB
- MD5
  
  f1f4e44db60a703626fbec7f85cc134e
- SHA1
  
  33aec5ec1bdfdf55b4b0f53eed4633322a155e07
- SHA256
  
  6398b922ae61c54c8ccc93725d584c8e3f0c3005716cd21fd63fb79e3bc78836
- SHA512
  
  370332d5d7a0b46fa14289e2383742cb2389d823974ed73b25b9b8c50fe362b57515ba209b55bc9a393c8b5ba9c10e1993c5186ce81fcbded191cf322e9fd353
- SSDEEP
  
  24576:e0/2xXHPeR1C4PcEJ902Ai+ShpP8rnI4zPE60:qxXHPeR15cEJbTvsnI4f0
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan