agenttesla | d72880e84ee6adafc15282e19195ae20618c5655b89c3b25e677af86385982fd | Triage

Sharing

General

Target

d72880e84ee6adafc15282e19195ae20618c5655b89c3b25e677af86385982fd.7z
Size

605KB
Sample

231202-jg2sjsae9w
MD5

b82beeec5f7a3c6978d4432785cce7cf
SHA1

890bec626f4ce2e8978b2c4fc412700344327cd5
SHA256

d72880e84ee6adafc15282e19195ae20618c5655b89c3b25e677af86385982fd
SHA512

40a9ea4b13b34f4dd36ad20cf0a2fa36d6f36745059b357674492caadef2f8c94c6b518095f188cb7b8535659cc38307fab7504cc10856f6a784344dec87f040
SSDEEP

12288:qM9kBIwDGjRogx1JFoZXiF8D0w3Se7zJb+cguWZ5iCn4DbOG6hT:feIZug3JFoK4Secc7iiC42G6hT

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dynamicconsultinglogistics.ma
Port:
587
Username:
[email protected]
Password:
Laanaya@2022
Email To:
[email protected]

Targets

- Target
  
  123 WHL (ASA route) SSHAS0123860.exe
- Size
  
  691KB
- MD5
  
  52092f980201ffce0352e5126ed0bf43
- SHA1
  
  919d960cad9c7495d253f741fe56000bfe11e938
- SHA256
  
  54aecbaf7821c0ee087cae191865a7df8b58408efbaec7b96b6b0dda54efd32f
- SHA512
  
  ed8aa398d970628d7e5d759f0567d778eafac99807a70dde406bc0ecd1a1f57c5f13cbb7655053bb088fe81ea0b337becd9b598be49a71fbddd343b9249ed705
- SSDEEP
  
  12288:fAcopox4QzSIGjRzgx1JtoZX8F8D0m3SqazJb+cgxWZqiwn4DbOKij:zeQSftg3Jto4eSqRcm/iw421
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan