agenttesla | fadb9cbc4472d82e46fdbaa4ba5d74b4fcf46e92081050829405e210a5337f52 | Triage

Sharing

General

Target

Order 4102672345.rar
Size

608KB
Sample

231206-j5ktyach56
MD5

f75dcf5a8172754b11fed7c67ff68f8c
SHA1

677ff839bacc1aa068a8a8df1f87b5325154607d
SHA256

fadb9cbc4472d82e46fdbaa4ba5d74b4fcf46e92081050829405e210a5337f52
SHA512

ce6f15f37c907883f0a760d0abede2c2af35bc762fe4815ba6c18ab05caef006030cbf19aaccae22fa83af44f793264602f8786733528e880ed5883663bc36ab
SSDEEP

12288:9MpEHdEeVBsfc9YPUxA0t4a8f9GDrhjJSe21sLRDqj+DzwFi:u+9vVBsUoUb4DyLp2atDzGi

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.vrlogistic.com
Port:
587
Username:
[email protected]
Password:
@dmin@123
Email To:
[email protected]

Targets

- Target
  
  Order 4102672345.exe
- Size
  
  639KB
- MD5
  
  e00ea5e1e1b9b1f8a63cb79f7c870359
- SHA1
  
  dce9d736e1e7865b925a6e77977440528fc77579
- SHA256
  
  07463687693e68947b76ead68ae75f764649c80725f4914cde0eaf0d1c4644d7
- SHA512
  
  427de637a2676e021654b3932095299e6674802db562532802bdcfc1eb7747121ca6608c61b4e4e3388293ae10f8d43ebc6fc34ccd23cdd1caf457cc912ac609
- SSDEEP
  
  12288:g97QaueH5qXSFVWKmcLht4aNkWOJGx4gW8POHnUbVvaoL:g9ZqAUeht4OxekAUByo
Score

10^/10

agenttesla keylogger spyware stealer trojan persistence
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan