agenttesla | 0e3829a03b5d78e96c929e089ef91ca74c2e3bf3bdc1b263c9409c0d35b5166a | Triage

Sharing

General

Target

RCP000004689 Scan Copy.exe
Size

689KB
Sample

240327-m3d56adg5x
MD5

ff97d529e83654c94df6de34f1868dae
SHA1

c544e17962e634fb0866a3fc798a820dacd04d1c
SHA256

0e3829a03b5d78e96c929e089ef91ca74c2e3bf3bdc1b263c9409c0d35b5166a
SHA512

9e7a118dabeb8f9e583487e7903815202b69bda5a79f63f054a826341463d5876c9d8185b99695f988231e670249a72e228b80d8a9e084c95611523abdceb469
SSDEEP

12288:HUzWSsykmrzmac+vB5yG5CWcV4NKeHe1+YuDqZFr1KY9bh4CMwjN:HSmykszmw75CZ+0eHek1q1KY93N

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0128.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
oc27-JcbRAO~
Email To:
[email protected]

Targets

- Target
  
  RCP000004689 Scan Copy.exe
- Size
  
  689KB
- MD5
  
  ff97d529e83654c94df6de34f1868dae
- SHA1
  
  c544e17962e634fb0866a3fc798a820dacd04d1c
- SHA256
  
  0e3829a03b5d78e96c929e089ef91ca74c2e3bf3bdc1b263c9409c0d35b5166a
- SHA512
  
  9e7a118dabeb8f9e583487e7903815202b69bda5a79f63f054a826341463d5876c9d8185b99695f988231e670249a72e228b80d8a9e084c95611523abdceb469
- SSDEEP
  
  12288:HUzWSsykmrzmac+vB5yG5CWcV4NKeHe1+YuDqZFr1KY9bh4CMwjN:HSmykszmw75CZ+0eHek1q1KY93N
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan