agenttesla | 7d9999594357716bf5765f4ef49713dbbe39022ca58a32bee52c58573add6bf0 | Triage

Sharing

General

Target

7d9999594357716bf5765f4ef49713dbbe39022ca58a32bee52c58573add6bf0
Size

808KB
Sample

231206-bexrtahf63
MD5

10c7d7702e5b997809d2eacbc79d8681
SHA1

66ec83398a378719289e2e3e39345689af14599c
SHA256

7d9999594357716bf5765f4ef49713dbbe39022ca58a32bee52c58573add6bf0
SHA512

7c68207d8bb4aa5c6e4ab4d6d5924b9f83e78e8a44cf11b0b2d8cd377ab461903bdc4b5b5d818237fde91f01317e680696df4eab2ad9e48c9c760754836c2f47
SSDEEP

12288:k2GAczHQ4fzRpSNAZ+OTuUa8n+23S6KXuf1tdw64BIeC+YnEc5ZCNXwPH2gKzLNk:YzHQ2tpt+OB+IwE1t3nLte8HiBfj/3E

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.issltd.org
Port:
587
Username:
[email protected]
Password:
iss123
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.issltd.org
Port:
587
Username:
[email protected]
Password:
iss123

Targets

- Target
  
  Commerce registration-172301539 + Pro-Forma Invoice.exe
- Size
  
  857KB
- MD5
  
  64baca6856ba84fe379eb4d720859edc
- SHA1
  
  a234caa5425fcbc4e783dd00722156e533bd6def
- SHA256
  
  ab3eb849490834407657e205832591cfa3c3504ed9373bf53396015d62b9e549
- SHA512
  
  53449f2ed2e397adadb3a48d561c864734961c40392c2f8f3a8ed6c84afd6db8008fc633405a065cc07a51f8396015f7bb8b3b7c1c4cb8aecbbc1a588b5d53db
- SSDEEP
  
  12288:DO5nF8pREGHTbSGWJ7Usocar3S6KMvbPt1w6+BIe4+YnKc5lCzXwPH2gYDMID:Km39s2LwMzPtNPLPe8H6MI
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan