agenttesla | ccfe18e731f5ae4678feb7154097e80ef78905f861d3eb207040f4319f783ef6 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.CrypterX-gen.17640.5876.exe
Size

707KB
Sample

231127-qjybgagg4z
MD5

7ee98e9c019067c1dfda71c8a92ce58a
SHA1

07bde0c81f43a911ae2629818009330e01f241ba
SHA256

ccfe18e731f5ae4678feb7154097e80ef78905f861d3eb207040f4319f783ef6
SHA512

eff358759dcdab5e09bfb7461be38261e7b89c87fc6a9103b7183af74a9270e12f863d6062cb61703e45e3a8341121f691036268e6abf0c4933bff11f32f6807
SSDEEP

12288:Y5pd7BR6wT9UV9W/5UqEXAt9ICXvR2sAktYvj5D6RmKeDoi0EZSmZvEnfMOonaZa:spBeL4tEQt9d52OavE7i0EjZvLCk+47

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.amtechcards.com
Port:
587
Username:
[email protected]
Password:
]i[a(tUWlmp%
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.CrypterX-gen.17640.5876.exe
- Size
  
  707KB
- MD5
  
  7ee98e9c019067c1dfda71c8a92ce58a
- SHA1
  
  07bde0c81f43a911ae2629818009330e01f241ba
- SHA256
  
  ccfe18e731f5ae4678feb7154097e80ef78905f861d3eb207040f4319f783ef6
- SHA512
  
  eff358759dcdab5e09bfb7461be38261e7b89c87fc6a9103b7183af74a9270e12f863d6062cb61703e45e3a8341121f691036268e6abf0c4933bff11f32f6807
- SSDEEP
  
  12288:Y5pd7BR6wT9UV9W/5UqEXAt9ICXvR2sAktYvj5D6RmKeDoi0EZSmZvEnfMOonaZa:spBeL4tEQt9d52OavE7i0EjZvLCk+47
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan