agenttesla | a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Ransom.Loki.19527.9895.18577.exe
Size

997KB
Sample

240425-lfbk3shd8s
MD5

cd6222a478ab6d10ad8580a791d311c2
SHA1

0219966f1b45dc289dade12d868b92478c18d120
SHA256

a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c
SHA512

d68b5281364de90c93580a66c5b73c8618d0eac71455b3f81892d96ec53dde83bc185ac907fa6223039a2b86537f5114d50d5213dbc675f9bffa0d9f64d03019
SSDEEP

12288:J3EGYeYIPXjpU4t4Kj5JQWlBcNwf1ISsfNUMc/YtWW6lmtlLkNJDSg0J4bakJQZN:J3EbeYIPrF5p7tISsmMeW2mfkrLMf

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
godwillxzn.com
Port:
587
Username:
[email protected]
Password:
)F5u#OofP_eq
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Variant.Ransom.Loki.19527.9895.18577.exe
- Size
  
  997KB
- MD5
  
  cd6222a478ab6d10ad8580a791d311c2
- SHA1
  
  0219966f1b45dc289dade12d868b92478c18d120
- SHA256
  
  a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c
- SHA512
  
  d68b5281364de90c93580a66c5b73c8618d0eac71455b3f81892d96ec53dde83bc185ac907fa6223039a2b86537f5114d50d5213dbc675f9bffa0d9f64d03019
- SSDEEP
  
  12288:J3EGYeYIPXjpU4t4Kj5JQWlBcNwf1ISsfNUMc/YtWW6lmtlLkNJDSg0J4bakJQZN:J3EbeYIPrF5p7tISsmMeW2mfkrLMf
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan