agenttesla | fb422ed39cbabcab2449fde2224bfa281f4248e08014b4e3a60003842409d7a6 | Triage

Sharing

General

Target

bank slip.exe
Size

645KB
Sample

240429-z5rkgscf2v
MD5

94140263a36560bda39b02fffafce831
SHA1

33f2c75d6d50ba1acaadc92ae64803ecd3ff18ff
SHA256

fb422ed39cbabcab2449fde2224bfa281f4248e08014b4e3a60003842409d7a6
SHA512

2bf7708f475d4e663cea9c81a5198f1afa8f69d8088b84508d88bb25115beeaae116fb52a6c80c65e15be7f826c6616767afd30f27d19c076786edccefac381e
SSDEEP

12288:zuZk4K7sxuUrrN0I+9Vhbb2guOiAjDHIEf9/Q/3LhqvsqDfzltZWYblmeB778Qoo:JsxumrO7cgu4D5fxALhhqDLl9RmeBf

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.vw-rmplcars.co.in
Port:
587
Username:
[email protected]
Password:
Gagan#456
Email To:
[email protected]

Targets

- Target
  
  bank slip.exe
- Size
  
  645KB
- MD5
  
  94140263a36560bda39b02fffafce831
- SHA1
  
  33f2c75d6d50ba1acaadc92ae64803ecd3ff18ff
- SHA256
  
  fb422ed39cbabcab2449fde2224bfa281f4248e08014b4e3a60003842409d7a6
- SHA512
  
  2bf7708f475d4e663cea9c81a5198f1afa8f69d8088b84508d88bb25115beeaae116fb52a6c80c65e15be7f826c6616767afd30f27d19c076786edccefac381e
- SSDEEP
  
  12288:zuZk4K7sxuUrrN0I+9Vhbb2guOiAjDHIEf9/Q/3LhqvsqDfzltZWYblmeB778Qoo:JsxumrO7cgu4D5fxALhhqDLl9RmeBf
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan