agenttesla | 278fe6cf80d27a70d639d6f159ad63fdc5c4af62c358cd53d379d0005dc19f62 | Triage

Sharing

General

Target

NEAS.SecuriteInfocomTrojanPackedNET1995983524201.exe
Size

670KB
Sample

231202-l82yqsbg34
MD5

c1b548a7ac2b3850ea4482d07eefd364
SHA1

f4de4836ad0e2f6a13193adf00cf45788e89fd16
SHA256

278fe6cf80d27a70d639d6f159ad63fdc5c4af62c358cd53d379d0005dc19f62
SHA512

06454c7af52ebb172fdb3f887143d7e4e3ca7cb8b8516bdda7c4c197d4e9da04860ce02bf24ac04f6e61b72b5d13051931f99bf6b36533dcc3ac8d20d62c6f4b
SSDEEP

12288:UbjIdgMmCtakk7hDz0wQSfhYI7ZMy0iy4iLmRrJilSEgI0eSSejYbso:UbogMfvklzQSZYI7N0iCKl6SE10ae

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mgsales.net
Port:
587
Username:
[email protected]
Password:
.L&tA{$_f4+t
Email To:
[email protected]

Targets

- Target
  
  NEAS.SecuriteInfocomTrojanPackedNET1995983524201.exe
- Size
  
  670KB
- MD5
  
  c1b548a7ac2b3850ea4482d07eefd364
- SHA1
  
  f4de4836ad0e2f6a13193adf00cf45788e89fd16
- SHA256
  
  278fe6cf80d27a70d639d6f159ad63fdc5c4af62c358cd53d379d0005dc19f62
- SHA512
  
  06454c7af52ebb172fdb3f887143d7e4e3ca7cb8b8516bdda7c4c197d4e9da04860ce02bf24ac04f6e61b72b5d13051931f99bf6b36533dcc3ac8d20d62c6f4b
- SSDEEP
  
  12288:UbjIdgMmCtakk7hDz0wQSfhYI7ZMy0iy4iLmRrJilSEgI0eSSejYbso:UbogMfvklzQSZYI7N0iCKl6SE10ae
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan