agenttesla | bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7 | Triage

Sharing

General

Target

bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
Size

772KB
Sample

240425-cpdmcsdf9y
MD5

7038d4d98c3b6f090f3256741222a8cb
SHA1

fc5728d10ce29f7c5255b5cc6f9c8f9010f3783f
SHA256

bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
SHA512

cf1a435264ddc43bd938ef13d834282732fde5fe2d1ad7de97bd5d2202db00e99967c331d663098367f158a83b5eb76b9e8d90fba7b6b5b033d93e0259c91d32
SSDEEP

12288:TF2iNNt6DUTPle1gkFi3+K7WCKHlVPGfJlD9YHnx5X7s2neqealv312Z3Q:TF1wee1gR3baCIP0JwnPs2eCJ312ZQ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.nizagorjemalo.hr
Port:
587
Username:
[email protected]
Password:
Extreme192
Email To:
[email protected]

Targets

- Target
  
  bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
- Size
  
  772KB
- MD5
  
  7038d4d98c3b6f090f3256741222a8cb
- SHA1
  
  fc5728d10ce29f7c5255b5cc6f9c8f9010f3783f
- SHA256
  
  bef2bb78ec1aeb4d981cd5819d54393d413a857fd8c670336ad37678157448e7
- SHA512
  
  cf1a435264ddc43bd938ef13d834282732fde5fe2d1ad7de97bd5d2202db00e99967c331d663098367f158a83b5eb76b9e8d90fba7b6b5b033d93e0259c91d32
- SSDEEP
  
  12288:TF2iNNt6DUTPle1gkFi3+K7WCKHlVPGfJlD9YHnx5X7s2neqealv312Z3Q:TF1wee1gR3baCIP0JwnPs2eCJ312ZQ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan