agenttesla | 0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d | Triage

Sharing

General

Target

0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d.exe
Size

647KB
Sample

231201-v9nl6sec62
MD5

c4a1c630b0f8185f81caeee3fb378744
SHA1

c57c38a18d2a349d621ab059c28f04ce68302d8c
SHA256

0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d
SHA512

5470a96ebbb28efcb1959c0ff9a4a30f95f4e825de1fbe63797219465801eff6a2227baf476371c27ad8a52151cbf0060fc943a47626221959e26f01e870c34b
SSDEEP

12288:pHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:KJsdsPC9ZHfvihA//bRp9xFeAjWrXe

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
29ftOO+6H-ivsG5A
Email To:
[email protected]

Targets

- Target
  
  0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d.exe
- Size
  
  647KB
- MD5
  
  c4a1c630b0f8185f81caeee3fb378744
- SHA1
  
  c57c38a18d2a349d621ab059c28f04ce68302d8c
- SHA256
  
  0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d
- SHA512
  
  5470a96ebbb28efcb1959c0ff9a4a30f95f4e825de1fbe63797219465801eff6a2227baf476371c27ad8a52151cbf0060fc943a47626221959e26f01e870c34b
- SSDEEP
  
  12288:pHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:KJsdsPC9ZHfvihA//bRp9xFeAjWrXe
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan