agenttesla | 093232c9eb6ab3542e1981a221cc4e3d90c45c55a5557339531e8171b1c9e43b | Triage

Sharing

General

Target

b724752855a6406ad4925cb41112aecf.bin
Size

673KB
Sample

240327-ekae9afb9w
MD5

f702722e3c4404713cfd9142887fa33f
SHA1

b49acd0ad30895bcdee0cf30b8ca38adbcf9e6a7
SHA256

093232c9eb6ab3542e1981a221cc4e3d90c45c55a5557339531e8171b1c9e43b
SHA512

f93a3ada13f46745668e2a1c1c2f3471fc68b9946b0ff6af036a790fd0b2594e057383c4b5c996b09e069bb3693bee4298a048662be551e4c78c7d3af827ce25
SSDEEP

12288:71jQzQGIwHg1MSEYAD6aJwqDPcgLRWpbdIS/ArLTGZ07E8fW4EdvoPEa8:71j/UHQJEDxw3cUpbB/707Jk9oPEa8

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jitmachineryservices.co.ke
Port:
587
Username:
[email protected]
Password:
NyambuClaris21@2024
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.jitmachineryservices.co.ke
Port:
587
Username:
[email protected]
Password:
NyambuClaris21@2024

Targets

- Target
  
  7f7230e7228c5ddd4e0536f6401123cc6eb5f3a6b1fb05abdce2d664870b590b.exe
- Size
  
  720KB
- MD5
  
  b724752855a6406ad4925cb41112aecf
- SHA1
  
  7c9f7f93ffa91b8adb8d5b9d54d5273d249ab0b8
- SHA256
  
  7f7230e7228c5ddd4e0536f6401123cc6eb5f3a6b1fb05abdce2d664870b590b
- SHA512
  
  ff7c779f16ffe9072bf922b81cfd647e08252c58d5526eb280c8edc0be2a022a3a10ecea6bf45d2927959bb4de96b84c04adf28ae48a5134d063cc437b67947e
- SSDEEP
  
  12288:O4CMwLEQunS2vBq4CaS3yaBE235eicOFXbOrkC73QavZ3MKPjvKsIuGllA:mEz8DaS/xbOgWJvNMZsI7
Score

10^/10

agenttesla keylogger spyware stealer trojan persistence
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan