agenttesla | 5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34 | Triage

Sharing

General

Target

5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34.exe
Size

720KB
Sample

231206-vxd7zafg6w
MD5

31dd2e39c8df030acfcbac60f31e1fc7
SHA1

4f5043b4569851675908b0a53bcc3dfdd6aaf5d5
SHA256

5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34
SHA512

7d530ce80312f9e1d751727c3c537c3a0d4e6639bc968da0c80b190e0b5c8ed13704c28a10ed69f70c75540852b4fe7cea087355eae21bbf200a08717649e571
SSDEEP

12288:TZ5nF8ME6jD/hLcBRTnunntqorOkfDhJQQ7zbxGL/n3WaOp/wOOBcei/um+Tt:TZPtD/yBtQqChT7PCn3WyOO4/uZTt

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.amtechcards.com
Port:
587
Username:
[email protected]
Password:
puuAt8;(Y$NU
Email To:
[email protected]

Targets

- Target
  
  5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34.exe
- Size
  
  720KB
- MD5
  
  31dd2e39c8df030acfcbac60f31e1fc7
- SHA1
  
  4f5043b4569851675908b0a53bcc3dfdd6aaf5d5
- SHA256
  
  5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34
- SHA512
  
  7d530ce80312f9e1d751727c3c537c3a0d4e6639bc968da0c80b190e0b5c8ed13704c28a10ed69f70c75540852b4fe7cea087355eae21bbf200a08717649e571
- SSDEEP
  
  12288:TZ5nF8ME6jD/hLcBRTnunntqorOkfDhJQQ7zbxGL/n3WaOp/wOOBcei/um+Tt:TZPtD/yBtQqChT7PCn3WyOO4/uZTt
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan