agenttesla | 3f1ecc5ad2ba9ce4ac4e8c38ad57feea77c99077bdbaba259054e87d32fbaa81 | Triage

Sharing

General

Target

URGENT REQUEST FOR QUOTATION.rar
Size

634KB
Sample

240311-tmc2gsfb3s
MD5

518c91e6f945d5172d23d339bffe8ff3
SHA1

2ceec463b879a75dc404b4eb407d92760302cf0d
SHA256

3f1ecc5ad2ba9ce4ac4e8c38ad57feea77c99077bdbaba259054e87d32fbaa81
SHA512

e90b7fc4a617fc01e992e0ac0887d89adf0cf87d16e79f1260db6052c3ce766b817c92c929d301f6755ca1cfb0774c1fdd30a49629d63daff654e4e9432576e1
SSDEEP

12288:u2wMqMk9GIy3pBSyQmg4wqdvVGx8Rww8tRf1QTAaWB+GR:u2hqMCGIOS78zGuRE9sHWr

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mcltransindo.com
Port:
587
Username:
[email protected]
Password:
mcltelv#06032019#
Email To:
[email protected]

Targets

- Target
  
  URGENT REQUEST FOR QUOTATION.exe
- Size
  
  694KB
- MD5
  
  47cfd7df0907f049cb95d36e82e2a60b
- SHA1
  
  97ccc9a37ca3c281f6d15e45b393a831109c8caa
- SHA256
  
  15d92d97b0d9181ef3a9270baa8d36b15f6e5c61a8c26ebceffcb3af2d06b527
- SHA512
  
  4621674c28eb6cd86d24727a4aef42ff93bbd9012eea899f726e60acbffc51f97bb3d95ed91d40fda57ab9951a499ce92ecce9d99d0007e5b4ac08eb27652537
- SSDEEP
  
  12288:AJJ4NOlWlrfYer1AAMJ8soKIt8MKjtEsnab0VA0OGX7ZcGHWhjm5kR:AaEldJ8zK3MKpEsnab0VTOGX7RH+jmk
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan