agenttesla | 3745f7e1264001ba8e6af700ac9bcb56d0846955c34ed1439336762902ded110 | Triage

Sharing

General

Target

3745f7e1264001ba8e6af700ac9bcb56d0846955c34ed1439336762902ded110
Size

653KB
Sample

240417-rkkmfabd64
MD5

183a92ad781772c147f07e54b113012d
SHA1

5106a88cf5f86e9c63ac48ff372186efea4525ce
SHA256

3745f7e1264001ba8e6af700ac9bcb56d0846955c34ed1439336762902ded110
SHA512

78d53cf916ceade0264e0329206af3494c9eb513c6fb824848570090a786060e551273a83e0dd92c50b1d4573a9b63a17991fbf2af9d7c98bbd16e1081da689e
SSDEEP

12288:ITfzunFtIYU6D5NCIyhP3gldVYhhDxJZ9EkE/c7zyI5ukrPw:QzOFtRU6DihP0qhHZg8Zw

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.wasstech.com
Port:
587
Username:
[email protected]
Password:
Sunray2700@@
Email To:
[email protected]

Targets

- Target
  
  26f2de44cd4e8b377c64aab82b1352bffe6329a7313e1ef70ed4979ff46255a3.exe
- Size
  
  689KB
- MD5
  
  c4d61f1c2401a1ff8ada071ca59c0154
- SHA1
  
  9477b7474de2b08bd9cdaed098a07038a2a7b77a
- SHA256
  
  26f2de44cd4e8b377c64aab82b1352bffe6329a7313e1ef70ed4979ff46255a3
- SHA512
  
  8539727bb47d40d73303e6f4dceccccd97e4d021ee91d775bda1ce8e0f23c9b1069210ea47511a2bb17c6644ae9af9266728ac45481c19faa6943f9fb73fa15c
- SSDEEP
  
  12288:eLlL9bW9eznNCJu+sSnCvvV2PDQkMaKSlodAa1/CavhX8KKvivYXTB1nkqezlS6H:eZL9iyNCJuJSnqvVWDQIK7C8/CavhX3u
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan