agenttesla | 5d101061b051f1de60a8aae3dd6e655cda7b068b86596d236002a09b299d8123 | Triage

Sharing

General

Target

5d101061b051f1de60a8aae3dd6e655cda7b068b86596d236002a09b299d8123
Size

118KB
Sample

231123-bedzpsfc86
MD5

b958cc69ae326c071d403898c6fdf12a
SHA1

39a598a8cbfdc8b3cdc9b24dc7e795fba9eadcc4
SHA256

5d101061b051f1de60a8aae3dd6e655cda7b068b86596d236002a09b299d8123
SHA512

a3355453528f2db32fc3c688ef40eaa46d37297e8c75e5d557123604167e7b2c9d505a2a3be4a125e0d1c7227da5cb6be065d06830f096797f546df81618eb4d
SSDEEP

3072:aKKKKKeKKKKKVKKKKKLKKKKKkKKKKKSGGKKKKK3KKKKKdKKKKKdjKKKKKx:q

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/666/676/original/vbs.jpg?1700182879

exe.dropper

https://uploaddeimagens.com.br/images/004/666/676/original/vbs.jpg?1700182879

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
iTQuW2z*t2Wo
Email To:
[email protected]

Targets

- Target
  
  5d101061b051f1de60a8aae3dd6e655cda7b068b86596d236002a09b299d8123
- Size
  
  118KB
- MD5
  
  b958cc69ae326c071d403898c6fdf12a
- SHA1
  
  39a598a8cbfdc8b3cdc9b24dc7e795fba9eadcc4
- SHA256
  
  5d101061b051f1de60a8aae3dd6e655cda7b068b86596d236002a09b299d8123
- SHA512
  
  a3355453528f2db32fc3c688ef40eaa46d37297e8c75e5d557123604167e7b2c9d505a2a3be4a125e0d1c7227da5cb6be065d06830f096797f546df81618eb4d
- SSDEEP
  
  3072:aKKKKKeKKKKKVKKKKKLKKKKKkKKKKKSGGKKKKK3KKKKKdKKKKKdjKKKKKx:q
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan