agenttesla | 18daba3117e89d79b6b15e36df26001d153b5e4fea9c904b9e9085ac9720a728 | Triage

Sharing

General

Target

2314cf9e8e1ef240d0cc104672c7b99e.bin
Size

600KB
Sample

240315-bgzn7aeg63
MD5

48a0a35224ef859c822a4f2f2841c5cf
SHA1

01b281bb58e874eb5301babd8a643a8408bdbe24
SHA256

18daba3117e89d79b6b15e36df26001d153b5e4fea9c904b9e9085ac9720a728
SHA512

e7942997b21180c57d6d89c8b322da30f57f4b99b0afe3f11258a85ba08983c973de564fff0e091ff9d6294458f1784e24013ef9954b3d7511352d6790153fab
SSDEEP

12288:zlhwfZwJCRDMzqAeTSZMcxQiqBZxDh2L/hEpicJHAMZr1aeYAFsCf47vZxk:zJ0bdcGB/gI/BLJae5Fsrzk

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.clslk.com
Port:
587
Username:
[email protected]
Password:
NUZRATHinam1978
Email To:
[email protected]

Targets

- Target
  
  f79941668c6679c1f5770816ce7b68a2d518caa7d7218299f7a1908cf338297a.exe
- Size
  
  633KB
- MD5
  
  2314cf9e8e1ef240d0cc104672c7b99e
- SHA1
  
  c4e977ad8eb99fef7788041c3fc9760dd4c087f9
- SHA256
  
  f79941668c6679c1f5770816ce7b68a2d518caa7d7218299f7a1908cf338297a
- SHA512
  
  e4de0fbef2d827ed74d4d35ab986e61cd79ccea799d58f727d3f19ae177f5bf6c679300f3ffda203c28b98e72f9021fc12a731c50605dadeb135592459467728
- SSDEEP
  
  12288:Sp81G9NizKr95RTuCHtQ8VmTy3uWO5+o9O/5HemMIpFPIxWkR:M81iNiGrBTvQTy2ujMI3IP
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan