agenttesla | aa30351848b61883d95a52e505978c07d761d743e172cee3ed96c0ef801ee47e | Triage

Sharing

General

Target

aa30351848b61883d95a52e505978c07d761d743e172cee3ed96c0ef801ee47e
Size

622KB
Sample

240328-bpt4nsac24
MD5

86eb33340da5adfa46c9ebab4e288f23
SHA1

c8a8b2182f891f12657441c496a607ceaaab04cb
SHA256

aa30351848b61883d95a52e505978c07d761d743e172cee3ed96c0ef801ee47e
SHA512

b4014a13291b73d804662cdfe6256a903a2ea84ab15c69ac1ea6c60b116a8270c6b46608382795b7edfdcd1c97accfe0ba02776651942b46ed5e6779ae978042
SSDEEP

12288:Ga5W3ob2VFy7sPI2jiYhYtq0PQq+ehYumYRcgDJHjP2TeGsKfSqL3Z/wMTe+sU0:C39Fy7sPI2jN4q/JuDRcCpKfXRwseL

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.gosportz.in
Port:
587
Username:
[email protected]
Password:
Ss@gosportz
Email To:
[email protected]

Targets

- Target
  
  aa30351848b61883d95a52e505978c07d761d743e172cee3ed96c0ef801ee47e
- Size
  
  622KB
- MD5
  
  86eb33340da5adfa46c9ebab4e288f23
- SHA1
  
  c8a8b2182f891f12657441c496a607ceaaab04cb
- SHA256
  
  aa30351848b61883d95a52e505978c07d761d743e172cee3ed96c0ef801ee47e
- SHA512
  
  b4014a13291b73d804662cdfe6256a903a2ea84ab15c69ac1ea6c60b116a8270c6b46608382795b7edfdcd1c97accfe0ba02776651942b46ed5e6779ae978042
- SSDEEP
  
  12288:Ga5W3ob2VFy7sPI2jiYhYtq0PQq+ehYumYRcgDJHjP2TeGsKfSqL3Z/wMTe+sU0:C39Fy7sPI2jN4q/JuDRcCpKfXRwseL
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan