agenttesla | 7318815c5eed7085d6d336406e6c3255a23e255f5caa954b6b1b4549b7519701 | Triage

Sharing

General

Target

LAMCHUANQ710901.pdf.exe
Size

1024KB
Sample

231204-wdgpesdh6y
MD5

8412a2cceb09519e18c3419df99efbad
SHA1

33fdcdd1ea11818c2928d80c52e786b0cca9e522
SHA256

7318815c5eed7085d6d336406e6c3255a23e255f5caa954b6b1b4549b7519701
SHA512

b81f90357485356ec5b678e19d41359db65e5b9f328a9d94d4d76fbecee5286cffbce4ce95c9dd7109044fe95b37abcfee6bae443930f22e5cc218808b849d8d
SSDEEP

24576:RBm634/up+pJtwFbGyArZTDOYDD/ckaCFUBkMIHpDqDDBi:RX38PJtw5Ag6D/6CFMkzpDH

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6439280362:AAFxJ6Gm_hfG3MYnjXvw0e4QQEIFTsOjkuk/

Targets

- Target
  
  LAMCHUANQ710901.pdf.exe
- Size
  
  1024KB
- MD5
  
  8412a2cceb09519e18c3419df99efbad
- SHA1
  
  33fdcdd1ea11818c2928d80c52e786b0cca9e522
- SHA256
  
  7318815c5eed7085d6d336406e6c3255a23e255f5caa954b6b1b4549b7519701
- SHA512
  
  b81f90357485356ec5b678e19d41359db65e5b9f328a9d94d4d76fbecee5286cffbce4ce95c9dd7109044fe95b37abcfee6bae443930f22e5cc218808b849d8d
- SSDEEP
  
  24576:RBm634/up+pJtwFbGyArZTDOYDD/ckaCFUBkMIHpDqDDBi:RX38PJtw5Ag6D/6CFMkzpDH
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan