agenttesla | 7ed6e1978285b46db8a796f0df455c0843046e117eca2e41231b8dc0231fdfad | Triage

Sharing

General

Target

NPCC Enquiry ref (RFQ)- GPO-16- 0101-CPF- MR-PSD-16-055-Request For Quotation OGC-PR-16-6000000351.exe
Size

983KB
Sample

240429-ler7faff2s
MD5

56d373b5443c15c4f2709ded9aedc848
SHA1

d37b67bb8a6edf795793d10b007ee3fa79745ab8
SHA256

7ed6e1978285b46db8a796f0df455c0843046e117eca2e41231b8dc0231fdfad
SHA512

bdece2e7dd0739fde11288b5e2b833bf5f77bcfaea4ab106d43ded1c733bbeca64941603d630fd3d1179c548ec679cf5e7baea5c62f837b1f9be5fbd4961b35c
SSDEEP

12288:utqItUpkwHobEdEufPj9JBnuMOlk0P7E/fjhfrLns+7vhKY+mzbvDh:kBtzwHobQEgPNwkKs7hfHnN7vhKmzTd

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tabcoeng.com
Port:
587
Username:
[email protected]
Password:
TaSq3365!
Email To:
[email protected]

Targets

- Target
  
  NPCC Enquiry ref (RFQ)- GPO-16- 0101-CPF- MR-PSD-16-055-Request For Quotation OGC-PR-16-6000000351.exe
- Size
  
  983KB
- MD5
  
  56d373b5443c15c4f2709ded9aedc848
- SHA1
  
  d37b67bb8a6edf795793d10b007ee3fa79745ab8
- SHA256
  
  7ed6e1978285b46db8a796f0df455c0843046e117eca2e41231b8dc0231fdfad
- SHA512
  
  bdece2e7dd0739fde11288b5e2b833bf5f77bcfaea4ab106d43ded1c733bbeca64941603d630fd3d1179c548ec679cf5e7baea5c62f837b1f9be5fbd4961b35c
- SSDEEP
  
  12288:utqItUpkwHobEdEufPj9JBnuMOlk0P7E/fjhfrLns+7vhKY+mzbvDh:kBtzwHobQEgPNwkKs7hfHnN7vhKmzTd
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan