agenttesla | 4219d5c7b349d6532744e6477915e7f15191743b952d0ff2b0eed965551e94e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4219d5c7b349d6532744e6477915e7f15191743b952d0ff2b0eed965551e94e7
Size

664KB
Sample

240417-rnaawada7v
MD5

503bb84ec9cb44433aea5d3638340de9
SHA1

d5cb081a30837a8ef56ececccd14d71060befdd6
SHA256

4219d5c7b349d6532744e6477915e7f15191743b952d0ff2b0eed965551e94e7
SHA512

bccc23d8b1edd2309f5b310d6716200f109fa1a87bab35b0071c7e712658d67b55790162a3bfc213103155a0cf6091831957c1ea29574392c01d906dd672045b
SSDEEP

12288:hN8spXbNkWVXnq415PIjP5njOvrQOy/+aezIb/gR1n:hhpXbNkEqw5QT5njOsOkrewE

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.itresinc.com
Port:
587
Username:
[email protected]
Password:
MT]ANFjWzKTA
Email To:
[email protected]

Targets

- Target
  
  e68a0da390baf3802baa117bce98b4b3bcbd4f0d0f1355df483d1c5366206921.exe
- Size
  
  686KB
- MD5
  
  540e585e51c9a466de5d467f6740d99b
- SHA1
  
  39dd8118ddb60954a0c603cbc4f4636565708d75
- SHA256
  
  e68a0da390baf3802baa117bce98b4b3bcbd4f0d0f1355df483d1c5366206921
- SHA512
  
  bfc4c7c36a33c079aa08a2d75b1be8ff0316f202070b2c7a210b21e8e7e99f52cdba158196b108775b89bf3dcb575c7828b41721c57ba58e852b8505c7fbb646
- SSDEEP
  
  12288:nnQ2GO66qCUOSsRokLB2D/HnYZ9KqEJpcoWCladcon6W3HHI/pUmnZzBh3:nnQ2Gr6q0odnE9K1HFdcjnd3nqnHB
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan