agenttesla | 9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6 | Triage

Sharing

General

Target

9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
Size

5KB
Sample

231208-c2187agg68
MD5

307250be963257c7e18a3252e4bd74d4
SHA1

568d3fd58dfbd7140aae6a7840460b343c83c13f
SHA256

9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
SHA512

71bbc3c7013730683d33c594613dc831c337ca0298975f42705e92afeb2c34b78b166820f4f4b05480f4673c626d0f81c40372090627a76562454e1a8fade484
SSDEEP

48:6Qi+hmUGDJrNHIjfe6DSfAEnwgKgwoWz6Ao/CIjfdUhLQIfhsFwQpsVtiOlSDqFQ:G7lrZIjG6DSfA/dgwo/pf8Bhrt0ozNt

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6414995176:AAGuFTS3tKhdeIu6sCNhCNw8cv7vkPJh1TQ/

Targets

- Target
  
  9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
- Size
  
  5KB
- MD5
  
  307250be963257c7e18a3252e4bd74d4
- SHA1
  
  568d3fd58dfbd7140aae6a7840460b343c83c13f
- SHA256
  
  9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
- SHA512
  
  71bbc3c7013730683d33c594613dc831c337ca0298975f42705e92afeb2c34b78b166820f4f4b05480f4673c626d0f81c40372090627a76562454e1a8fade484
- SSDEEP
  
  48:6Qi+hmUGDJrNHIjfe6DSfAEnwgKgwoWz6Ao/CIjfdUhLQIfhsFwQpsVtiOlSDqFQ:G7lrZIjG6DSfA/dgwo/pf8Bhrt0ozNt
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan