agenttesla | f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d | Triage

Sharing

General

Target

f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d
Size

980KB
Sample

240425-c77m6adh56
MD5

a3f8fc485938b85b20d0d72daf006db5
SHA1

b72e5c0c9463577a2dfe815fd76b6448ee999d4a
SHA256

f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d
SHA512

3fdf772c948fa0f2bf67be37e2583ed0f692545c50a07172140472f838df7ed5dc671adc4ce64d658b29194a116f0a298ca959bf720f9a3f0a6a2b574f1cd01b
SSDEEP

24576:4K17srDOgLqWs7Gn7f97jKx2J312Z4fJYOW:F0OgGZ7GnTxmYJl2EJYO

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
pro56.emailserver.vn
Port:
587
Username:
[email protected]
Password:
techlink@123
Email To:
[email protected]

Targets

- Target
  
  f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d
- Size
  
  980KB
- MD5
  
  a3f8fc485938b85b20d0d72daf006db5
- SHA1
  
  b72e5c0c9463577a2dfe815fd76b6448ee999d4a
- SHA256
  
  f8e6583d8b52b95801109030c4b4479ee0d085f781e0efd985d8abdf24919f9d
- SHA512
  
  3fdf772c948fa0f2bf67be37e2583ed0f692545c50a07172140472f838df7ed5dc671adc4ce64d658b29194a116f0a298ca959bf720f9a3f0a6a2b574f1cd01b
- SSDEEP
  
  24576:4K17srDOgLqWs7Gn7f97jKx2J312Z4fJYOW:F0OgGZ7GnTxmYJl2EJYO
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan