agenttesla | 199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4 | Triage

Sharing

General

Target

199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
Size

913KB
Sample

231207-cdgjwaacd8
MD5

ff4cc696b1cdb8bd1f74ed8ffc0aa3aa
SHA1

96b3344b3ea1ff42da60847ed7f8e46937ca424d
SHA256

199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
SHA512

3c61caa20149f656a5de2ab301ffb50b5fe9004e52480f6d5dacebd25e6b8add5e17276c19d021e8844a098d0af65041e1d918c950dd78281eb50b0d7978639a
SSDEEP

24576:xG/uGGqaNOhduMfh53kTf9GC6CvywQFrMx:0/uGGGnfzkT9HvxQFrMx

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bezzleauto.com
Port:
587
Username:
[email protected]
Password:
kex#-rHjHM4qKk52
Email To:
[email protected]

Targets

- Target
  
  199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
- Size
  
  913KB
- MD5
  
  ff4cc696b1cdb8bd1f74ed8ffc0aa3aa
- SHA1
  
  96b3344b3ea1ff42da60847ed7f8e46937ca424d
- SHA256
  
  199aae05b551c6ff199636d951b24399a317a449c07e7f61b494928c0826f0b4
- SHA512
  
  3c61caa20149f656a5de2ab301ffb50b5fe9004e52480f6d5dacebd25e6b8add5e17276c19d021e8844a098d0af65041e1d918c950dd78281eb50b0d7978639a
- SSDEEP
  
  24576:xG/uGGqaNOhduMfh53kTf9GC6CvywQFrMx:0/uGGGnfzkT9HvxQFrMx
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan