agenttesla | 28eefb7150a9dcdd55acb7b3e420486bfca2e84eb7a4b14a395e1ecfb460c1b3 | Triage

Sharing

General

Target

28eefb7150a9dcdd55acb7b3e420486bfca2e84eb7a4b14a395e1ecfb460c1b3
Size

13KB
Sample

240426-cnzhfahc36
MD5

592d29d893dc150a9e6af51da23f8762
SHA1

9ba30af697faad5252d5999254a425cc2b7f5957
SHA256

28eefb7150a9dcdd55acb7b3e420486bfca2e84eb7a4b14a395e1ecfb460c1b3
SHA512

8a9777d92dd2da97872901467b2c381821ae4e1fd247c472374443376f57b5d603cf58d315f1c0a4be5ffe84ecf95795cedd4ca62bd2b377402e1f8608f4b00c
SSDEEP

384:0pBXkRVwPqUqcCwEUuzd+mw5G6GV3zk93H+zyRJeVpPgRcVNSbsBBYAV9c:1VmXbCwqzgz5GxV3zk9ueqVZ4zV

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
ablegod1122

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
ablegod1122
Email To:
[email protected]

Targets

- Target
  
  28eefb7150a9dcdd55acb7b3e420486bfca2e84eb7a4b14a395e1ecfb460c1b3
- Size
  
  13KB
- MD5
  
  592d29d893dc150a9e6af51da23f8762
- SHA1
  
  9ba30af697faad5252d5999254a425cc2b7f5957
- SHA256
  
  28eefb7150a9dcdd55acb7b3e420486bfca2e84eb7a4b14a395e1ecfb460c1b3
- SHA512
  
  8a9777d92dd2da97872901467b2c381821ae4e1fd247c472374443376f57b5d603cf58d315f1c0a4be5ffe84ecf95795cedd4ca62bd2b377402e1f8608f4b00c
- SSDEEP
  
  384:0pBXkRVwPqUqcCwEUuzd+mw5G6GV3zk93H+zyRJeVpPgRcVNSbsBBYAV9c:1VmXbCwqzgz5GxV3zk9ueqVZ4zV
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan