agenttesla | bd3de02e97b1484955daace9cd74c656ce3ea4cd303767285102f78b980b9403 | Triage

Sharing

General

Target

Karachaganak Gas Project Unit 4 (KGP).exe
Size

1.2MB
Sample

231211-q31kyahfb6
MD5

870627d582b51f98fa0121b0079981b6
SHA1

600f85e2caddb36af617617605b5357b87ff9c21
SHA256

bd3de02e97b1484955daace9cd74c656ce3ea4cd303767285102f78b980b9403
SHA512

d34820f241789123332a3f7966ef73dc1293b2a8b41aaab426c7cf8f62efc3af5363a95c5b726a9854db799924d15deb042aba69a2ee2b0f7d155347717036af
SSDEEP

24576:c5D1RHLc3PPwWYYIwcuL87Etqq6vOSpd57vwvN4j6Ii3Vke3M:c5BRH+nmy87jd57v243akF

Score

10^/10

agenttesla evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6797507482:AAHJ8LYbNUMw7Y3bc6Qgeuc5Q3n-h2KBG50/

Targets

- Target
  
  Karachaganak Gas Project Unit 4 (KGP).exe
- Size
  
  1.2MB
- MD5
  
  870627d582b51f98fa0121b0079981b6
- SHA1
  
  600f85e2caddb36af617617605b5357b87ff9c21
- SHA256
  
  bd3de02e97b1484955daace9cd74c656ce3ea4cd303767285102f78b980b9403
- SHA512
  
  d34820f241789123332a3f7966ef73dc1293b2a8b41aaab426c7cf8f62efc3af5363a95c5b726a9854db799924d15deb042aba69a2ee2b0f7d155347717036af
- SSDEEP
  
  24576:c5D1RHLc3PPwWYYIwcuL87Etqq6vOSpd57vwvN4j6Ii3Vke3M:c5BRH+nmy87jd57v243akF
Score

10^/10

agenttesla evasion keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaevasionkeyloggerpersistencespywarestealertrojan