agenttesla | ff83eea6602f31996519df148dc9d1b090fe885caa81a0893fff78a0b1fa2ef2 | Triage

Sharing

General

Target

2eeec947de3dee177c0a5ff2727e98953d0285f174b43074fee0a6e909c1593a
Size

871B
Sample

240710-fh5n2sxfjr
MD5

7f2f4defe96ef3a64b8b00c2cb5fff79
SHA1

7f665204f41558ec7f1604c4ab3f4419a1294cbc
SHA256

ff83eea6602f31996519df148dc9d1b090fe885caa81a0893fff78a0b1fa2ef2
SHA512

e56a70a4f7e0204b2e7f1b1c0a8fd2a751cbbfc15c4367dbb145a7cc5d2e94396d9279463c9caaf7db3c4bde349c2048c1714a44612f46aa37932076b44cd0fa

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
bizr usjt guapiims

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
bizr usjt guapiims
Email To:
[email protected]

Targets

- Target
  
  2eeec947de3dee177c0a5ff2727e98953d0285f174b43074fee0a6e909c1593a
- Size
  
  7KB
- MD5
  
  bc80530079fd263dd26e267d797cd4ad
- SHA1
  
  54215542d4c17815915c2aa3efe76605b394092f
- SHA256
  
  2eeec947de3dee177c0a5ff2727e98953d0285f174b43074fee0a6e909c1593a
- SHA512
  
  64799c7cd10dff4c002f7ac77db485593d13b6f79a983e9b7c785e8a411958b10238daae69f8549e52977413eb0226070448f7813283780563bd493afc7b8580
- SSDEEP
  
  192:tIiianBNVi8xF1wG1FbIPieeRXtXqHUUN7i592E:tIiianBNVi8n1wG1FbIPieeRXtXqHUUW
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan