agenttesla | 4d99b46424924201dd08e8fecebbf5b064b37e7fdad8cc968cdfc0e0f0b97ead | Triage

Sharing

General

Target

4d99b46424924201dd08e8fecebbf5b064b37e7fdad8cc968cdfc0e0f0b97ead.tar
Size

649KB
Sample

231201-x7e85afe9x
MD5

c1739d57a4ecc23b17f8079e2802b883
SHA1

19841dad0a31b85448e2cb1945387bbef464dda7
SHA256

4d99b46424924201dd08e8fecebbf5b064b37e7fdad8cc968cdfc0e0f0b97ead
SHA512

8a04b5181a07b6cde17ae0814f1e451c835bfa655bc85772a929dc57cf1c1352fad700a9b62f9033d6929333a14184d82cbc951636f269a2a67582591e93c4f5
SSDEEP

12288:jHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:cJsdsPC9ZHfvihA//bRp9xFeAjWrXe

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
29ftOO+6H-ivsG5A
Email To:
[email protected]

Targets

- Target
  
  Shipping Documents.exe
- Size
  
  647KB
- MD5
  
  c4a1c630b0f8185f81caeee3fb378744
- SHA1
  
  c57c38a18d2a349d621ab059c28f04ce68302d8c
- SHA256
  
  0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d
- SHA512
  
  5470a96ebbb28efcb1959c0ff9a4a30f95f4e825de1fbe63797219465801eff6a2227baf476371c27ad8a52151cbf0060fc943a47626221959e26f01e870c34b
- SSDEEP
  
  12288:pHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:KJsdsPC9ZHfvihA//bRp9xFeAjWrXe
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan