agenttesla | 06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b | Triage

Sharing

General

Target

NEAS.06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b.exe
Size

622KB
Sample

231202-md19dsbh7y
MD5

ee58f332b2d27a1bdd8b0de098e6165c
SHA1

d0e9ec92594ef432758e63ab31f7751872c3573c
SHA256

06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b
SHA512

b9c1c84fad01332771dcdb26c833705eac7e0ec5aed399414e4c4f93a241907279415d2e1dd3acfccd8a9f042918f598377e1138ed87995fa6a2d9b4b13b517f
SSDEEP

12288:IqfLYYZXTyX0Tp+fkI5/Gh/tDpWNIIe8frsBP3MKJBPeaHwxX:bXTD+fkjDp+IIeOI539JBPLQ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6462317492:AAGRLAwoTiA42PAg_wJuGwDb61KKicShMe4/

Targets

- Target
  
  NEAS.06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b.exe
- Size
  
  622KB
- MD5
  
  ee58f332b2d27a1bdd8b0de098e6165c
- SHA1
  
  d0e9ec92594ef432758e63ab31f7751872c3573c
- SHA256
  
  06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b
- SHA512
  
  b9c1c84fad01332771dcdb26c833705eac7e0ec5aed399414e4c4f93a241907279415d2e1dd3acfccd8a9f042918f598377e1138ed87995fa6a2d9b4b13b517f
- SSDEEP
  
  12288:IqfLYYZXTyX0Tp+fkI5/Gh/tDpWNIIe8frsBP3MKJBPeaHwxX:bXTD+fkjDp+IIeOI539JBPLQ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan