agenttesla | ea4a760a5fe1ba67561424153c950696658416239d04274d35a527d7ba37179d | Triage

Sharing

General

Target

a860a86b9d9c109467efcfa76487a95c.bin
Size

816KB
Sample

240425-ccgs9adb98
MD5

5436a6bdc046c4b5d0be1304134c3996
SHA1

b1df578f0515609bb88c2269a89ebcd9c3b6a597
SHA256

ea4a760a5fe1ba67561424153c950696658416239d04274d35a527d7ba37179d
SHA512

a38e597a0221405cf562273b1f65fa33f3411e53385b121b859fa22a9fe750737e8c410cbae5dcc592f1dafdde04088d1f0c03f68588f4174e884ccbcd73a746
SSDEEP

24576:6T1LvYUNFKL4s8vDXjSyQKYGX6ef233XeNd27:6T1LtFhTj1YGX6GUgI7

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/

Targets

- Target
  
  DHL Receipt 004673321/DHL Receipt 004673321.pdf.exe
- Size
  
  300.0MB
- MD5
  
  3f550e2404750bee9767c47ac42324ba
- SHA1
  
  7ce5b605f6ed25eca0243d9ac09a0b231cc9c3dc
- SHA256
  
  859d964cf907965c62903bddeb0667d570139bdb6b8fd0113d430b5f48cc7d52
- SHA512
  
  3e925a0036f71e4649da08e88ab80b816132f5d596189eaea04e95744ba2fa3180887f404a489b0e5dd4e32361e0e7dc29c272f391067094e4e0efa779c50058
- SSDEEP
  
  24576:xA2q55503nejbo6m7JkWao7AwnNxADGq/OCemti9vMY6TtyC:U5550sbyiWaw565tYct
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan