agenttesla | 0f66c8e4039bea59084b8be9cc11ecadfebc4587787bf9ba3729e92e2d5cfb55 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f66c8e4039bea59084b8be9cc11ecadfebc4587787bf9ba3729e92e2d5cfb55
Size

707KB
Sample

240417-rk8dhabd92
MD5

9190b58303dd6d403c8aab153d2917ae
SHA1

0365229b3934bf2d58b3b204b965db2a3a254e7b
SHA256

0f66c8e4039bea59084b8be9cc11ecadfebc4587787bf9ba3729e92e2d5cfb55
SHA512

255a342544055a03fc24daed8db3e3efcc71c61b5d2c755bd840895236c98113c29077934a78fe1a732919855b72cd252aa33d49bd7271c609fdd3e123fe40c6
SSDEEP

12288:iM+54ZndkUMyxWTajoW+3vwYYFcQNELkD57NBuD6OAnhzQf3hiiJK8080HJFsAL4:w4ZndZnUacWIvwYY+Qqo7BuFGM3n0L0p

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.oceanskylogistics.in
Port:
587
Username:
[email protected]
Password:
Oce@n@1234
Email To:
[email protected]

Targets

- Target
  
  47c804d46a50ee31a41a5ce6f83fe6bae0536df92a622495a7af843f22955b2e.exe
- Size
  
  852KB
- MD5
  
  6df4ff522639143fc111d389ff045a87
- SHA1
  
  420d428bbe84af81314f712f145ce45406a82743
- SHA256
  
  47c804d46a50ee31a41a5ce6f83fe6bae0536df92a622495a7af843f22955b2e
- SHA512
  
  58ea2aacb561316e747ba190e9fc70ce6e71ee2e611570dd9b507c1d4791b09ff5e64e1d40a734d5b3f5df188ea22e083f268f38711b3ff828f4670442788290
- SSDEEP
  
  24576:SVdblglglglPdRQy2xAvL/3vLczzWzkyxXtpodzxb:TdCjyD/8zS9NqzR
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan