agenttesla | bae58a6286d8fb60c1118d8024c0aa7e8e8476405b17d05b68502e6bce5b1fd8 | Triage

Sharing

General

Target

HASLK01240203628 Scan Copy.r09
Size

593KB
Sample

240326-mpzvpsgc46
MD5

7802b0eb35cf10723b27f54c862cb0be
SHA1

e215dfb65ee69690739ae9d2cee970dd07d80245
SHA256

bae58a6286d8fb60c1118d8024c0aa7e8e8476405b17d05b68502e6bce5b1fd8
SHA512

55e4361d32ca9f4b28a644b6f280279c176cdf6c0be72884cfac94683b75a26ac73a26a334861792295b7bfdaca4f2542c40511715bd4c84ffdecdb2c47ed42f
SSDEEP

12288:Y0LffZibT48SIYZRqBAI/g0nHzeRUbRAtTbhlt:Yu3ZG48SIaR7I/nHze9hhf

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0128.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
]EMe[F7b^j@[
Email To:
[email protected]

Targets

- Target
  
  kYyBuIFRcL6U7Fl.exe
- Size
  
  604KB
- MD5
  
  dc6c813e0b5c0adab63e8f6e47d3fb76
- SHA1
  
  c9979e87cf35d8563a16bf52ad762c04c89badc9
- SHA256
  
  3d6012eb13b5a891571ea2d7c7bf120b9c12d479e5cb2c6ffc7e515e14c46866
- SHA512
  
  c3e83b275c6aedbf56fe581b6e5f5b7f9ec33573c460eca63590a33326c08378dd7ea04b1d80807fdfc74738d432adb9b37892a0655aff8611d2e30f4d9f9ef3
- SSDEEP
  
  12288:z+E26ddIYd1x66+9GreDc4bRbOpPE6/5kqRQeB0QzauW2a5W:aOwO1mQreDc4lypPp+kQelzauWS
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan