agenttesla | 912444aec56fd47f95d449249675e51f2b07da90934d486c0d91e148cec71567 | Triage

Sharing

General

Target

FACTURAS PENDIENTES.exe
Size

736KB
Sample

240410-tfrajage3y
MD5

be5049954ae1360c7c73edc98c252948
SHA1

347c475c80875dec8a84f6fbb70309e73f6c6036
SHA256

912444aec56fd47f95d449249675e51f2b07da90934d486c0d91e148cec71567
SHA512

8151efe7a2cbc5af735bd19eae31398ffae0fa19d97991903005c2d0d39e112285c4ea1ccc336429d293a29716d5df38439a1f43caac8f9d4f8fc9991acb89f1
SSDEEP

12288:SydzjtuEA9MsXWyiXiP9tyy2mFYauVJhsM4DZ264KuinZ5F0y65u:SydzB+7XxiXYt12mFYauVjcF2KtnZINw

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6840869330:AAEZ4yOJb6l9YkHVol7BaSnML2_yNUN78Xg/

Targets

- Target
  
  FACTURAS PENDIENTES.exe
- Size
  
  736KB
- MD5
  
  be5049954ae1360c7c73edc98c252948
- SHA1
  
  347c475c80875dec8a84f6fbb70309e73f6c6036
- SHA256
  
  912444aec56fd47f95d449249675e51f2b07da90934d486c0d91e148cec71567
- SHA512
  
  8151efe7a2cbc5af735bd19eae31398ffae0fa19d97991903005c2d0d39e112285c4ea1ccc336429d293a29716d5df38439a1f43caac8f9d4f8fc9991acb89f1
- SSDEEP
  
  12288:SydzjtuEA9MsXWyiXiP9tyy2mFYauVJhsM4DZ264KuinZ5F0y65u:SydzB+7XxiXYt12mFYauVjcF2KtnZINw
Score

10^/10

evasion trojan agenttesla keylogger spyware stealer
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan