agenttesla | a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72 | Triage

Sharing

General

Target

a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
Size

704KB
Sample

240426-cqm77ahc2y
MD5

c20c7cb88c595e0b353ff7e9df982635
SHA1

6670ecb1421dc88691801d629b470646c9853e23
SHA256

a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
SHA512

5e9bf06454d1361581f2f25ffe94f940012dc73bcfc008c1badf4c8a7d9e33839f731c187fa6a9a29f05f26d0822eead08707af6e09e7d9c7d48fdda04be1615
SSDEEP

12288:wWYIPXjxannnHg2vokpbGPAR0dncI/GVHBuUx1xHaSoJXmYx/hWt1NFu6FsVGaE:wWYIPFannnHg2v9KoR0nLmlpEAt1Ns6b

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.satsllc.ae
Port:
587
Username:
ahsan@satsllc.ae
Password:
Ahsan@12345
Email To:
benj50454@gmail.com

Targets

- Target
  
  a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
- Size
  
  704KB
- MD5
  
  c20c7cb88c595e0b353ff7e9df982635
- SHA1
  
  6670ecb1421dc88691801d629b470646c9853e23
- SHA256
  
  a8b349b432322e5f0e8d12ad970b004588bdeed74c7706d472b54bb30d8d0c72
- SHA512
  
  5e9bf06454d1361581f2f25ffe94f940012dc73bcfc008c1badf4c8a7d9e33839f731c187fa6a9a29f05f26d0822eead08707af6e09e7d9c7d48fdda04be1615
- SSDEEP
  
  12288:wWYIPXjxannnHg2vokpbGPAR0dncI/GVHBuUx1xHaSoJXmYx/hWt1NFu6FsVGaE:wWYIPFannnHg2v9KoR0nLmlpEAt1Ns6b
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan