agenttesla | 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb | Triage

Sharing

General

Target

326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
Size

532KB
Sample

231203-bdyygsgf69
MD5

2c334fd4c8aca0cb889f3fb764b55c5b
SHA1

205d9c7f0da4488123ba70432454ee77f58a7a88
SHA256

326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
SHA512

c58528f5dd0c33477c69719803757054edb70844ce68c0c4df184ce63d8fb5b6ee807a087f0592ad6c1b7c1b221c5144ce9dcc38c0cedac6a65c99dedfe590f3
SSDEEP

12288:vcxPgUrbekrZzSuYf63NjHTC9mXyGRqiMgQ/qf:095tz463x2mXynilQyf

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
- Size
  
  532KB
- MD5
  
  2c334fd4c8aca0cb889f3fb764b55c5b
- SHA1
  
  205d9c7f0da4488123ba70432454ee77f58a7a88
- SHA256
  
  326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
- SHA512
  
  c58528f5dd0c33477c69719803757054edb70844ce68c0c4df184ce63d8fb5b6ee807a087f0592ad6c1b7c1b221c5144ce9dcc38c0cedac6a65c99dedfe590f3
- SSDEEP
  
  12288:vcxPgUrbekrZzSuYf63NjHTC9mXyGRqiMgQ/qf:095tz463x2mXynilQyf
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan