agenttesla | 9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93 | Triage

Sharing

General

Target

statement and invoices.exe
Size

828KB
Sample

240429-k3wdbseh33
MD5

7ca522120ba2f516eeabd3d3979c14eb
SHA1

3da00a3e7c38b1cab49e7a443a33de11dbd642fc
SHA256

9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93
SHA512

2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8
SSDEEP

24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.probending.co.th
Port:
587
Username:
[email protected]
Password:
9aglmaj6C5hF
Email To:
[email protected]

Targets

- Target
  
  statement and invoices.exe
- Size
  
  828KB
- MD5
  
  7ca522120ba2f516eeabd3d3979c14eb
- SHA1
  
  3da00a3e7c38b1cab49e7a443a33de11dbd642fc
- SHA256
  
  9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93
- SHA512
  
  2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8
- SSDEEP
  
  24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan