agenttesla | 6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb | Triage

Sharing

General

Target

6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
Size

946KB
Sample

231205-ved49acf4w
MD5

640c8c973410694aa5effd24c3286077
SHA1

af73830e92e7945c1d90b37a5572f4ab22b29180
SHA256

6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
SHA512

e26e33326462acce623d9f0c5a4ace130b72e4c599f90d5f76a7477a105718eab58cd5442c603ff56f5a62ecd00c6e06ec8d5e3d3ed3efd0694d9817c67cffcf
SSDEEP

24576:/DkUNi1EvGhvqLJcZWgTOfVjUNQt6KyxGg5OpkLvZrB5ElRRN:/DkUrO1IAWgiVW8Ev5PrwL7

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.impot-expt.com
Port:
587
Username:
[email protected]
Password:
MymoneyRR$$$123
Email To:
[email protected]

Targets

- Target
  
  6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
- Size
  
  946KB
- MD5
  
  640c8c973410694aa5effd24c3286077
- SHA1
  
  af73830e92e7945c1d90b37a5572f4ab22b29180
- SHA256
  
  6f23c4b060e644dc6a6f1cd7ac58e44a4f3e203ff6129b6109cb0076d969aedb
- SHA512
  
  e26e33326462acce623d9f0c5a4ace130b72e4c599f90d5f76a7477a105718eab58cd5442c603ff56f5a62ecd00c6e06ec8d5e3d3ed3efd0694d9817c67cffcf
- SSDEEP
  
  24576:/DkUNi1EvGhvqLJcZWgTOfVjUNQt6KyxGg5OpkLvZrB5ElRRN:/DkUrO1IAWgiVW8Ev5PrwL7
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan