agenttesla | 857cbe86cd62c9b358e3e269ae7f68405e437c502689ddd26702f6a5d188b8ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

857cbe86cd62c9b358e3e269ae7f68405e437c502689ddd26702f6a5d188b8ce
Size

683KB
Sample

240223-cdxk4aac63
MD5

5d91a43bb09486532808b90732531ed6
SHA1

0b7e75efc47c64469f81506ca542bd1099da9a39
SHA256

857cbe86cd62c9b358e3e269ae7f68405e437c502689ddd26702f6a5d188b8ce
SHA512

295d9c80d13eec88eac83b2bcc4f920d837f5502e9e4506d5efc5e9351d5d8e5fc693d5717891cfa893342f36a4f486af0c47165e27bd1277c8c0a7983f329f5
SSDEEP

12288:MLqnKWqjjTTVtqrPYF3k4DIZ3CBUFH4W2fUamYoLUP5DmRmdBD4rOIRiKu6xlTxP:Ox7PWwhk4URCBUFH4IxYoLy5DmYDDwZd

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.issltd.org
Port:
587
Username:
[email protected]
Password:
iss123
Email To:
[email protected]

Targets

- Target
  
  Payment advice.exe
- Size
  
  749KB
- MD5
  
  fc1c19c8e80aae490dd7f5667c3c1fb0
- SHA1
  
  9582890bb865451e8a367adb472170ce249ea292
- SHA256
  
  6048838a96507ca26c12c642663939ccceba50c27fda8af018b6a05ffedf7c24
- SHA512
  
  6bb50e13f3271577cac34773e615d775ee68bbabe9be0e24fed8c36664344f49dead7952331d51d0acf952eb91bb9efd1c56ac9c9bf7fa83e2c88d02b6361504
- SSDEEP
  
  12288:4on0R0MuAt1IRQQq2uYBY0wsKUamsoLCP5XYHmdhc/LDC8PhDU:Z0OMu88QaY05xsoLU5XYGUe85DU
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan