agenttesla | 3d6012eb13b5a891571ea2d7c7bf120b9c12d479e5cb2c6ffc7e515e14c46866 | Triage

Resubmissions

26-03-2024 10:33

240326-ml1b3aba8y 10

26-03-2024 10:30

240326-mjtrhagb54 10

Sharing

General

Target

kYyBuIFRcL6U7Fl.exe
Size

604KB
Sample

240326-mjtrhagb54
MD5

dc6c813e0b5c0adab63e8f6e47d3fb76
SHA1

c9979e87cf35d8563a16bf52ad762c04c89badc9
SHA256

3d6012eb13b5a891571ea2d7c7bf120b9c12d479e5cb2c6ffc7e515e14c46866
SHA512

c3e83b275c6aedbf56fe581b6e5f5b7f9ec33573c460eca63590a33326c08378dd7ea04b1d80807fdfc74738d432adb9b37892a0655aff8611d2e30f4d9f9ef3
SSDEEP

12288:z+E26ddIYd1x66+9GreDc4bRbOpPE6/5kqRQeB0QzauW2a5W:aOwO1mQreDc4lypPp+kQelzauWS

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0128.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
]EMe[F7b^j@[
Email To:
[email protected]

Targets

- Target
  
  kYyBuIFRcL6U7Fl.exe
- Size
  
  604KB
- MD5
  
  dc6c813e0b5c0adab63e8f6e47d3fb76
- SHA1
  
  c9979e87cf35d8563a16bf52ad762c04c89badc9
- SHA256
  
  3d6012eb13b5a891571ea2d7c7bf120b9c12d479e5cb2c6ffc7e515e14c46866
- SHA512
  
  c3e83b275c6aedbf56fe581b6e5f5b7f9ec33573c460eca63590a33326c08378dd7ea04b1d80807fdfc74738d432adb9b37892a0655aff8611d2e30f4d9f9ef3
- SSDEEP
  
  12288:z+E26ddIYd1x66+9GreDc4bRbOpPE6/5kqRQeB0QzauW2a5W:aOwO1mQreDc4lypPp+kQelzauWS
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan