agenttesla | db5c5efb5506227168aca7e407f1d628073606525f9213c1f7af19a41a05fd0f | Triage

Sharing

General

Target

db5c5efb5506227168aca7e407f1d628073606525f9213c1f7af19a41a05fd0f
Size

690KB
Sample

240229-cvt7asbd72
MD5

e0e067afecfe3ad4320922ae885f9ece
SHA1

5e066bd59ca15f8c77a072fa2c02a4a6222c5267
SHA256

db5c5efb5506227168aca7e407f1d628073606525f9213c1f7af19a41a05fd0f
SHA512

3c477499b4d8cf6b58f91f0ef54fe310e0516c57135125103d715f4701be6cc5c9678d613209a74ada74a28a2f2219acb36b7c546f100056eac5bec4bb871cac
SSDEEP

12288:rWvL9bW9ezub/QstS5Tk+qQV6QGRbJjvIZHkIZwKQBHxpuLQml0wkhc0:rgL9iyE/QsYG5QgQGR9CHV+KqoZ+c

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0128.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
]EMe[F7b^j@[
Email To:
[email protected]

Targets

- Target
  
  db5c5efb5506227168aca7e407f1d628073606525f9213c1f7af19a41a05fd0f
- Size
  
  690KB
- MD5
  
  e0e067afecfe3ad4320922ae885f9ece
- SHA1
  
  5e066bd59ca15f8c77a072fa2c02a4a6222c5267
- SHA256
  
  db5c5efb5506227168aca7e407f1d628073606525f9213c1f7af19a41a05fd0f
- SHA512
  
  3c477499b4d8cf6b58f91f0ef54fe310e0516c57135125103d715f4701be6cc5c9678d613209a74ada74a28a2f2219acb36b7c546f100056eac5bec4bb871cac
- SSDEEP
  
  12288:rWvL9bW9ezub/QstS5Tk+qQV6QGRbJjvIZHkIZwKQBHxpuLQml0wkhc0:rgL9iyE/QsYG5QgQGR9CHV+KqoZ+c
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan