agenttesla | 5bf5d486de8105b9ad9e3b7a3590e4fa959a752008d585fd0de12c0c7ff50e67 | Triage

Sharing

General

Target

5bf5d486de8105b9ad9e3b7a3590e4fa959a752008d585fd0de12c0c7ff50e67
Size

618KB
Sample

231123-b95qxafd93
MD5

93835f8f8beb76bb9c208679280a35ac
SHA1

343926cf214116fa7d5d097da9d1a0ebf64b5856
SHA256

5bf5d486de8105b9ad9e3b7a3590e4fa959a752008d585fd0de12c0c7ff50e67
SHA512

e4e1a8b40559628b1820b8335d2a656010efeb4bc4d4d3432fa7c080afa891c4e409540387bd3740148aaa06e5267452a5b556050ce5845838c4c899e6786ab2
SSDEEP

12288:vF8tDENXzbe3s+d4lRDMMTT1k3kTGAvUcejNEQF8ZnU3:tOEELd43MK1kvTv8VU3

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bezzleauto.com
Port:
587
Username:
[email protected]
Password:
Tommyduru8118
Email To:
[email protected]

Targets

- Target
  
  POORD20231109001.exe
- Size
  
  809KB
- MD5
  
  5c4180b748b40a11611cbac14d4827d6
- SHA1
  
  fd005cac55e3b1fe44e2b88fcf124a0b1dfb0286
- SHA256
  
  d059a3bb4ddac726db29101656b244b8bf425a3e1c638bbe51e8765c7d66c86b
- SHA512
  
  e588733cea468c6c501757ce517ce3d5893da77591708a612c4a2bdc8fa257d60cb6f06d08dceecec8bc0b8b534bbb4ba6cd10fa4c762e3c5adff6f85852edf3
- SSDEEP
  
  12288:28orMbmZeadAZYMTT1M3kTOSvQKGd5ypP7r9r/+pppppppppppppppppppppppp1:BeMbmZea2ZYK1ASvf1q
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan