agenttesla | 7516c5ae848f4cea3de9a6ed49f91912565e80bee00cae0cac9008eedea1642a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23112023_2055_2023798.iso
Size

260KB
Sample

231123-p5va9shh55
MD5

3b332ac466dee62e3c7a51b738b17301
SHA1

4a4e5262a249af36a095d3fe4e07854434f62832
SHA256

7516c5ae848f4cea3de9a6ed49f91912565e80bee00cae0cac9008eedea1642a
SHA512

a455ae628fbf92a3833ec1b6faf8150140849c1c37e74d2cff19695a93a29c790af05c9056c196a4025ddc7ce782481b563097673c0cbbc18220437b0ae482a9
SSDEEP

3072:PJ7v7HrCV7v7t7T7Z7G7b7M7b7zYsrguvYnzUk8L8H6XJm3/ByGGGGGIGGGGGIG9:P4xvm

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/666/676/original/vbs.jpg?1700182879

exe.dropper

https://uploaddeimagens.com.br/images/004/666/676/original/vbs.jpg?1700182879

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kieleckadrukarnia.pl
Port:
587
Username:
[email protected]
Password:
NE2022pierwszegonieprzepijam
Email To:
[email protected]

Targets

- Target
  
  2023798.vbs
- Size
  
  198KB
- MD5
  
  5f855f3655e8fd516ead68967889caa6
- SHA1
  
  a54e6da34551349f7f063592a17a04a1aebd5fc0
- SHA256
  
  6c28c18cb1792fcc9df2129febc69816800eb047b5a04e41e81b389bb26813d5
- SHA512
  
  200f6c3a383d70b68a6c422889852f5b8b655d16fe62fbf5810ba45398510c5a436f6a13f01431b971d878f68ac49a8ae4b0b2f8ec52205094f74091737e7dd5
- SSDEEP
  
  3072:6J7v7HrCV7v7t7T7Z7G7b7M7b7zYsrguvYnzUk8L8H6XJm3/ByGGGGGIGGGGGIG4:64xvmI
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan