agenttesla | cbb7987002f88647de9d9ad75a7947e657ad6b6e506beb4f50d375a301713f2c | Triage

Sharing

General

Target

PO52871.gz
Size

624KB
Sample

240405-rqggzaeg67
MD5

659316226906aa1802579251cdad09ef
SHA1

d160df00847f25386679d6f7530ce400ec4a9bae
SHA256

cbb7987002f88647de9d9ad75a7947e657ad6b6e506beb4f50d375a301713f2c
SHA512

937eea2504b33234f459024ca69df13e746199faac2f830b87a128574c62c37165a046dac80641de101619ef2ffd26ab756523d7b5d8a88810fed10536dab8d5
SSDEEP

12288:AoO9XPUS/BSWnv036zJE76GOcnF2tPqPLWHcueoc4mMku+oOb:GXsS5nEYInOJCPLWZedAkuhS

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.gqcl.co.uk
Port:
587
Username:
[email protected]
Password:
LfmAtS6gXN

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.gqcl.co.uk
Port:
587
Username:
[email protected]
Password:
LfmAtS6gXN
Email To:
[email protected]

Targets

- Target
  
  PO52871.exe
- Size
  
  802KB
- MD5
  
  a704a47781612c6c01dc0c6e42a47a92
- SHA1
  
  c4d715a196c7df1f43121f2688d8483856ce0023
- SHA256
  
  e5d2a19d86cc1ed1a2b79357b2d629ad018881b6a000d4c7244138affbbb3cea
- SHA512
  
  c6d08a86bc6cd773298677b3d43b5ed57d61dad4edd97bd1cf62f195adaf084ecd6fe86bcd2a7c63afae9a1eaa5a6f07f42c9177cacd5d2c6091668f37eec1d2
- SSDEEP
  
  12288:9j7Pym/NSsFF0LO3hQbIGOyT72tPKjLSH4QeQcImIkm+oKl:d76m1jmU8VORyjLSxe1Mkmhu
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan