agenttesla | a5d50d0dd9ddcd2a0dfc27ff42a5bb13487b2c7b94087666fb5a16a0057b1549 | Triage

Sharing

General

Target

a5d50d0dd9ddcd2a0dfc27ff42a5bb13487b2c7b94087666fb5a16a0057b1549.7z
Size

693KB
Sample

231202-jgk5ssae98
MD5

c7980137b6979656fa31cf6cce3c715e
SHA1

3c71737304fcf580263278940498bf019ea1a265
SHA256

a5d50d0dd9ddcd2a0dfc27ff42a5bb13487b2c7b94087666fb5a16a0057b1549
SHA512

26c9d554a545b2261913f364437cec92f1754b2a4e880b34d94fcb9bfc60ae24114117cf25ffb445953af26ee408b40aed1e8a0bdc129f4cdc77d5529c827ab0
SSDEEP

12288:uwQCqu8K4ujLCzwqKHJ6MSaGyAds1EDrHE+f3R/Ekao:VlT8LOSn21ArHbhnao

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bezzleauto.com
Port:
587
Username:
[email protected]
Password:
kex#-rHjHM4qKk52
Email To:
[email protected]

Targets

- Target
  
  Proforma Invoice - Well Ergon 16-09-2023.exe
- Size
  
  981KB
- MD5
  
  ff1eb59fead63e9e085cc141cfe2ea05
- SHA1
  
  f367f16f00b643194270fae417603025fd720a4e
- SHA256
  
  fa9768671a5cf88a6140c7dc6a4a23e428707e903640e66d7eab3fa7e0ba52e2
- SHA512
  
  18befc027e7bce78743845becac2c97551e7b197a08cc59a1ffba032cff4259078c93f8e5da3d26a2b62656a7c5ec9a815219a20f4ea13241fa0bc24f2ef069d
- SSDEEP
  
  12288:DsJ28iaLMu8KCzKXB/wqKFtAEJaGyrP11UFWopoxpgn2IyFqpXWr0EeS7J/P7r9O:D+2vaLP8v+lhj1UYei1q
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan