agenttesla | 29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6 | Triage

Sharing

General

Target

29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
Size

818KB
Sample

231205-cvzrsagg71
MD5

3d96b5fa3d4aec629fc9eabc97d17b1a
SHA1

bbf097eda548be4bb8f2e2ac440bfe0838ccce12
SHA256

29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
SHA512

f19d6fc1786de14923596e7d8b51005e329d2bb72d4255bf7837063a34c46687dd8e25e8711d9aef32021f8dea157230428a196394569f9c286cdb4fca3d06ba
SSDEEP

12288:dWxr8tW8G34/uK45+po2yzBX2eln5gi+jiiUVxKfC3xFCLOzaMpsDiDfC7o+ncY0:mz34/up+pJ/elnD+ON4C/psDkq73dX

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.precise.co.in
Port:
587
Username:
[email protected]
Password:
Singh@2022$
Email To:
[email protected]

Targets

- Target
  
  29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
- Size
  
  818KB
- MD5
  
  3d96b5fa3d4aec629fc9eabc97d17b1a
- SHA1
  
  bbf097eda548be4bb8f2e2ac440bfe0838ccce12
- SHA256
  
  29dde0c42e931658310ede756d477eea838ad95e75a7b589fe8393b0f30bbfa6
- SHA512
  
  f19d6fc1786de14923596e7d8b51005e329d2bb72d4255bf7837063a34c46687dd8e25e8711d9aef32021f8dea157230428a196394569f9c286cdb4fca3d06ba
- SSDEEP
  
  12288:dWxr8tW8G34/uK45+po2yzBX2eln5gi+jiiUVxKfC3xFCLOzaMpsDiDfC7o+ncY0:mz34/up+pJ/elnD+ON4C/psDkq73dX
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan