agenttesla | a8dd4bf924b9fc2b3e55afd2aed462e6da483b7faa6394d233a55703b734ed5d | Triage

Sharing

General

Target

a8dd4bf924b9fc2b3e55afd2aed462e6da483b7faa6394d233a55703b734ed5d.zip
Size

873KB
Sample

231201-x6pq6sfe81
MD5

c81704cdcb3c8f5941f3491c13bb9184
SHA1

65862e96aafe1b2f2403f37e563f9533a4e32a60
SHA256

a8dd4bf924b9fc2b3e55afd2aed462e6da483b7faa6394d233a55703b734ed5d
SHA512

8d10fd820ca35af5559efbe1de4defb22635ef615e397e39eea18048b9a5378d81c053f4a636323bb2fc57352b226de4765377e094edf65cc98161978d22ed06
SSDEEP

24576:eIseiYVQMJVIwA6EuRr5jl2oQ8+Kk6NI6Gj6KUJOcr:eIs+qKQeHJ+sNIVjgJz

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.unitechautomations.com
Port:
587
Username:
[email protected]
Password:
Unitech@123
Email To:
[email protected]

Targets

- Target
  
  003035044445.AWB.PRG.CHO.M20.20231124.003622.20231124.004549.10532.exe
- Size
  
  1.0MB
- MD5
  
  50fcb0b381ff9bbef33e90561ca1d324
- SHA1
  
  eb9d093de06bacc8204058ba9ed7c77f2194560c
- SHA256
  
  eb0c9f7ff7106033740df49533023ab8c93304ec66c76496dde0aab528a7472a
- SHA512
  
  811dc2da113f2272b4211c558a9d0882743571ff4a3becc2771718e5bc8e15978f1b0efa030e9dd4df2fe77143c96917b62fca552488c13e0b8ad36929f98265
- SSDEEP
  
  24576:6yBN2mseCYCHXDm/jvyzRT5Fl2ue8+KkewDyTnUdVXR:6ybsNYCHTm+t1r+QmyTn+VB
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan