agenttesla | 5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe
Size

671KB
Sample

240429-fypmrsbg7y
MD5

fd9af8f629d0d2e3e8cc132cdff97497
SHA1

1552f3db433eb345809069d011f2fb9684032738
SHA256

5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf
SHA512

227da1c0f9e83d3b0e757f269b32d617aec47990c5eb6f6787b6036951bab11f5f51051b1c56478fedc1bb8ae04de8404db5d67c437d4c5f20faa1645a77598e
SSDEEP

12288:y5B778QHjEpFzOiLqWEtkHyog+rUVHwP3yu1c2b2PIfQzk3bjzgtVlHxPpoTFqph:6BBiFz7LAkHDUVQPCu132csk3zybR+TS

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.vw-rmplcars.co.in
Port:
587
Username:
[email protected]
Password:
Gagan#456
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe
- Size
  
  671KB
- MD5
  
  fd9af8f629d0d2e3e8cc132cdff97497
- SHA1
  
  1552f3db433eb345809069d011f2fb9684032738
- SHA256
  
  5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf
- SHA512
  
  227da1c0f9e83d3b0e757f269b32d617aec47990c5eb6f6787b6036951bab11f5f51051b1c56478fedc1bb8ae04de8404db5d67c437d4c5f20faa1645a77598e
- SSDEEP
  
  12288:y5B778QHjEpFzOiLqWEtkHyog+rUVHwP3yu1c2b2PIfQzk3bjzgtVlHxPpoTFqph:6BBiFz7LAkHDUVQPCu132csk3zybR+TS
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan