agenttesla | 740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea | Triage

Sharing

General

Target

740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
Size

1.0MB
Sample

240425-dysy3sef7s
MD5

855d8e2fe3cfad8f3c7d700d82d1f498
SHA1

5bdd4805f069c655c4ebc0975b18c51a758f53f5
SHA256

740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
SHA512

0a881f904d29d3808815b707d33b1098c0a50c9a57c33d7a612e0559a66f3598c6b377d02423cba643bc7af5dc81dd4f330bd151a4f5ff7339bc57e83b495e81
SSDEEP

24576:30QxE8tlC5igXzVZTed4RYCQsd6rKISyv9:3A8vCAgjVMd4RRFdsSyV

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/

Targets

- Target
  
  740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
- Size
  
  1.0MB
- MD5
  
  855d8e2fe3cfad8f3c7d700d82d1f498
- SHA1
  
  5bdd4805f069c655c4ebc0975b18c51a758f53f5
- SHA256
  
  740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
- SHA512
  
  0a881f904d29d3808815b707d33b1098c0a50c9a57c33d7a612e0559a66f3598c6b377d02423cba643bc7af5dc81dd4f330bd151a4f5ff7339bc57e83b495e81
- SSDEEP
  
  24576:30QxE8tlC5igXzVZTed4RYCQsd6rKISyv9:3A8vCAgjVMd4RRFdsSyV
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan