agenttesla | 09c6a649817b8e41d2ef4b787d783b06e77f985e74c5e1fcdb2449340721c4f6 | Triage

Sharing

General

Target

catskidder.exe
Size

145.8MB
Sample

240901-drfeeazerk
MD5

8df86e515a00ffd6e66595d722f91755
SHA1

b2f694bdc2db1974c48297fb1be7ff1786be2c7e
SHA256

09c6a649817b8e41d2ef4b787d783b06e77f985e74c5e1fcdb2449340721c4f6
SHA512

73c1424f64302d5be47534b8c9bdc5268d320701e912957a713664cc34b5778f431ea66aa341331b1ebd92ed9bfe1e7c0961731a42fc00bb1db257347abe90f3
SSDEEP

786432:jMBhE6u+mmzLWN3KPqiVmSYb3Tn3SjPoVEeFZXcNTtLwSTRpf4P1wT1Ubr6u:jV6u+XLTVmSwCroCYJbr6u

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  catskidder.exe
- Size
  
  145.8MB
- MD5
  
  8df86e515a00ffd6e66595d722f91755
- SHA1
  
  b2f694bdc2db1974c48297fb1be7ff1786be2c7e
- SHA256
  
  09c6a649817b8e41d2ef4b787d783b06e77f985e74c5e1fcdb2449340721c4f6
- SHA512
  
  73c1424f64302d5be47534b8c9bdc5268d320701e912957a713664cc34b5778f431ea66aa341331b1ebd92ed9bfe1e7c0961731a42fc00bb1db257347abe90f3
- SSDEEP
  
  786432:jMBhE6u+mmzLWN3KPqiVmSYb3Tn3SjPoVEeFZXcNTtLwSTRpf4P1wT1Ubr6u:jV6u+XLTVmSwCroCYJbr6u
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan