agenttesla | 095641daafc4aa5269753ed2d9d1beb96f6fb7b6ee6300abf0d9d25bc62c53ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SHIPPING ORDER.r15.rar
Size

604KB
Sample

240417-lpbx7scg6z
MD5

b36132fd51ddea2d05fee2310701e685
SHA1

a902f152500e5e7e81895406a2a2d9a7e9f9bba9
SHA256

095641daafc4aa5269753ed2d9d1beb96f6fb7b6ee6300abf0d9d25bc62c53ab
SHA512

5d12a95f1cfd957f998fe923365a59fc0dea736c0c0046aeef271e2d410d278ae2c080c65e3a241ae23797d8bbe6ac08b2b3956e05f1c9064685ff04407e9fdd
SSDEEP

12288:fgYzgT1xRKC31/hpd55pHHQ5lcLCT9BbnGd8ZBQ/rXpmGg+xt:YYcTb8SNhpd55F4WA9gau/rU+

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.thelamalab.com
Port:
587
Username:
[email protected]
Password:
Thel@malab@20!9
Email To:
[email protected]

Targets

- Target
  
  SHIPPING ORDER.exe
- Size
  
  622KB
- MD5
  
  b2f3173adb50e33e57b1d47ab9e6dc29
- SHA1
  
  e41f468a2f4cd21acadd1deae2509b68b3e9b545
- SHA256
  
  7e7f02e7ac8a525256a238e4f7306e070b36199c265d8588b9a5d2193c1ae7df
- SHA512
  
  86f2b81587b86c31a4232ff6826ba21783d85492da7b67bfd5e2af5dee1da9377560fb63fbccb4f28a12ecedfc298dd7cf9e2dd3cc4fd011c22047606205d673
- SSDEEP
  
  12288:ZnteKVK1ydfurWWjFQxRfESxwry1pReyDVQzuuuHneIxRKh9L+JqDAow0YIc:reW+QfuaWjFcRMSx7eyDWquuHpxsL+JL
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan