agenttesla | f80634354eaa11b9bd3c8cc13f1dbd03b4b3b73de43bc6101ce99b05ffab4660 | Triage

Resubmissions

19-03-2024 10:43

240319-mr8kmaag6t 10

19-03-2024 09:44

240319-lqgvvage78 10

Sharing

General

Target

lee.exe
Size

648KB
Sample

240319-lqgvvage78
MD5

d5fda8517a450948764da4b1618f831e
SHA1

fe469fa291b9650d44eb331857ba206fb26f18b5
SHA256

f80634354eaa11b9bd3c8cc13f1dbd03b4b3b73de43bc6101ce99b05ffab4660
SHA512

323a184e5a1f44df66b5acfb833688ab1caf877a8c565acd517b01400a5032530d7026fed2d45448b887e5ea031d20628c44e459557a776861e3142448306f1f
SSDEEP

12288:llPloOJRYWqKpyxVTEVY4j5ChbyoZT1fNfhsPetrFPehIPf5OoGhV1FnmxmrS3tN:H9oOJbNedEVd8hy85sOPehgO9hV1p0tN

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0128.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
]EMe[F7b^j@[
Email To:
[email protected]

Targets

- Target
  
  lee.exe
- Size
  
  648KB
- MD5
  
  d5fda8517a450948764da4b1618f831e
- SHA1
  
  fe469fa291b9650d44eb331857ba206fb26f18b5
- SHA256
  
  f80634354eaa11b9bd3c8cc13f1dbd03b4b3b73de43bc6101ce99b05ffab4660
- SHA512
  
  323a184e5a1f44df66b5acfb833688ab1caf877a8c565acd517b01400a5032530d7026fed2d45448b887e5ea031d20628c44e459557a776861e3142448306f1f
- SSDEEP
  
  12288:llPloOJRYWqKpyxVTEVY4j5ChbyoZT1fNfhsPetrFPehIPf5OoGhV1FnmxmrS3tN:H9oOJbNedEVd8hy85sOPehgO9hV1p0tN
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan