agenttesla | b12f4fb9ba8afbedede9a6132fa5c92a25045d33dd93dbafcb042dbc6bcae529 | Triage

Sharing

General

Target

b12f4fb9ba8afbedede9a6132fa5c92a25045d33dd93dbafcb042dbc6bcae529.exe
Size

911KB
Sample

231202-k9ts3sbc2s
MD5

f06ced89e9f041ea9907fa750a31a5a8
SHA1

a5adcfede6509ef3f19c4774f1438d8b1da8ec55
SHA256

b12f4fb9ba8afbedede9a6132fa5c92a25045d33dd93dbafcb042dbc6bcae529
SHA512

f44382439ec9435f164d13b0af5f557b23869a6f695307117c5cb5c5778cde161afb9f4e7fb6bd467e9da67e7cbd81a651345a1c32c999774815ad0d9336dcb2
SSDEEP

12288:b+fL9rf814Ok9fCy7ib/FQItk/n0QCt/d/7ZI9+lMO2OPWtddjcd8SLGA6LKMUBY:bELL0rl5ZK+LCPdjcfGxLVUBYrro

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
OBM04KgM9O-I1Nnk
Email To:
[email protected]

Targets

- Target
  
  b12f4fb9ba8afbedede9a6132fa5c92a25045d33dd93dbafcb042dbc6bcae529.exe
- Size
  
  911KB
- MD5
  
  f06ced89e9f041ea9907fa750a31a5a8
- SHA1
  
  a5adcfede6509ef3f19c4774f1438d8b1da8ec55
- SHA256
  
  b12f4fb9ba8afbedede9a6132fa5c92a25045d33dd93dbafcb042dbc6bcae529
- SHA512
  
  f44382439ec9435f164d13b0af5f557b23869a6f695307117c5cb5c5778cde161afb9f4e7fb6bd467e9da67e7cbd81a651345a1c32c999774815ad0d9336dcb2
- SSDEEP
  
  12288:b+fL9rf814Ok9fCy7ib/FQItk/n0QCt/d/7ZI9+lMO2OPWtddjcd8SLGA6LKMUBY:bELL0rl5ZK+LCPdjcfGxLVUBYrro
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan