agenttesla | fbd9f7ad2be08cf51e0c5b1ab396fe3132b2e9a5476e2c8e1d027f7dd33ed418 | Triage

Sharing

General

Target

Statement Of Account.rar
Size

608KB
Sample

231207-vv97mafd2t
MD5

ed198cb7c33e5bb812faa4270116ebca
SHA1

a2753e76410b79f015402b3162e6d55b9156be71
SHA256

fbd9f7ad2be08cf51e0c5b1ab396fe3132b2e9a5476e2c8e1d027f7dd33ed418
SHA512

38277bac901f3cdb65e95ecbc7a82ab75b74a308727ac104fe771d356a25cd9099ea8fd221595caa502a9b2cc45e6312e811c67756c0ab08243443048d49c0a6
SSDEEP

12288:VMpEHdEeVBsfc9YPUxA0t4a8f9GDrhjJSe21sLRDqj+DzwFE:W+9vVBsUoUb4DyLp2atDzGE

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.vrlogistic.com
Port:
587
Username:
[email protected]
Password:
@dmin@123
Email To:
[email protected]

Targets

- Target
  
  Statement Of Account.exe
- Size
  
  639KB
- MD5
  
  e00ea5e1e1b9b1f8a63cb79f7c870359
- SHA1
  
  dce9d736e1e7865b925a6e77977440528fc77579
- SHA256
  
  07463687693e68947b76ead68ae75f764649c80725f4914cde0eaf0d1c4644d7
- SHA512
  
  427de637a2676e021654b3932095299e6674802db562532802bdcfc1eb7747121ca6608c61b4e4e3388293ae10f8d43ebc6fc34ccd23cdd1caf457cc912ac609
- SSDEEP
  
  12288:g97QaueH5qXSFVWKmcLht4aNkWOJGx4gW8POHnUbVvaoL:g9ZqAUeht4OxekAUByo
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan