agenttesla | a2c4478106416ec3450226eb0c721d2a62558109d5f13a67ea78b128e410f665 | Triage

Sharing

General

Target

Inquiry645335.exe
Size

797KB
Sample

231205-whs81sde5x
MD5

82a178cbe07fc5cfa343802c91487e8d
SHA1

a349c1b32f152f15b899bf17a1e8d147127cd6fc
SHA256

a2c4478106416ec3450226eb0c721d2a62558109d5f13a67ea78b128e410f665
SHA512

5aceeaf7279fa990d05ae30328ef8667941368ffc69bdf85f723593d89f558e2c07a50d0f983305bf5f03af5802e79649bb40952e0180a422d6f425f436b78f3
SSDEEP

12288:I/E6jD/62iNW5nF85U/Wo/gBbp1REB6x0X+xISQ3D0Y7XiBcJG:StD/614EUuo/ueBi0+ZQT0EXiKg

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sachingandhiarchitects.com
Port:
587
Username:
[email protected]
Password:
devi060911
Email To:
[email protected]

Targets

- Target
  
  Inquiry645335.exe
- Size
  
  797KB
- MD5
  
  82a178cbe07fc5cfa343802c91487e8d
- SHA1
  
  a349c1b32f152f15b899bf17a1e8d147127cd6fc
- SHA256
  
  a2c4478106416ec3450226eb0c721d2a62558109d5f13a67ea78b128e410f665
- SHA512
  
  5aceeaf7279fa990d05ae30328ef8667941368ffc69bdf85f723593d89f558e2c07a50d0f983305bf5f03af5802e79649bb40952e0180a422d6f425f436b78f3
- SSDEEP
  
  12288:I/E6jD/62iNW5nF85U/Wo/gBbp1REB6x0X+xISQ3D0Y7XiBcJG:StD/614EUuo/ueBi0+ZQT0EXiKg
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan