agenttesla | b394bc4f98160161eb89ef8840f21c86ded8b96bc5994bfb75e5087852530267 | Triage

Sharing

General

Target

b394bc4f98160161eb89ef8840f21c86ded8b96bc5994bfb75e5087852530267
Size

540KB
Sample

231207-cw5z7aadf4
MD5

e9051aabd7585dfc01ecf5e20b7a4d71
SHA1

cd380d2c1434ebee41ee9b5d6cafe0f7c17ebf7f
SHA256

b394bc4f98160161eb89ef8840f21c86ded8b96bc5994bfb75e5087852530267
SHA512

10eeb285052dc0868279138805928fa3b226d25b915bd9009b0dd7e5a7f97ea1b559c0cbebd6490872f67d028edb9ef853b88ac5e41fb4af02f88a9cf6e237f5
SSDEEP

12288:9bz2hIHPID42/LbxmA+yUlXzyQiT63kMdZ9GL:9bz2NDbxD+xljyQ+63XdiL

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.adityagroup.co
Port:
587
Username:
[email protected]
Password:
Aditya!@#$%^
Email To:
[email protected]

Targets

- Target
  
  Statement of Account.exe
- Size
  
  565KB
- MD5
  
  e45e292ee1302005225b8ee245018cc8
- SHA1
  
  5dd2b9ee3d84b40e7d4aecc5cc068367729e88ea
- SHA256
  
  a212cb057ef247f50d13b60031f5ef2527f1d86c79628a7d3d8bc328cbe1ccf6
- SHA512
  
  a3d6cc6975682344ba35345a19df338ef753055ab3be22f6687c7a090846d980af98dcee76741134ddb82e09b2c48df9d11d1e66bfee6e10d710c146e679621b
- SSDEEP
  
  12288:h2AQaueH5q8IDUKiAhTM1cJ3lfi5EIKqi+6u4UXrcbyyEAo:h2EqxDXhTM+xlLIpiM4UQ9E
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan