agenttesla | 430025fe36631f68eff0b16801cc56148426dc4886d5c20d8da7fc259529bd01 | Triage

Sharing

General

Target

430025fe36631f68eff0b16801cc56148426dc4886d5c20d8da7fc259529bd01
Size

459KB
Sample

241002-wpl4aatape
MD5

c84b345cc6c1d3908ae4abc427a36c5c
SHA1

a850a878eb8fdd3b2945eb85f6b2f5d97ea468ed
SHA256

430025fe36631f68eff0b16801cc56148426dc4886d5c20d8da7fc259529bd01
SHA512

d304eb757858e1418e18e43baa1a93c44ce92b427e9a5a46b5f51a2dc5c3199703403e0dd61a17a98d4762f61536785ea49ba9fa2e63433552f6adc80d4e1336
SSDEEP

12288:K/ReWbxfvCDfz6jn1pJikj7rdeLntiGweYN:whVfvCLWnL7YZiGwt

Score

10^/10

agenttesla collection discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dynamicconsultinglogistics.ma
Port:
587
Username:
[email protected]
Password:
Laanaya@2022
Email To:
[email protected]

Targets

- Target
  
  430025fe36631f68eff0b16801cc56148426dc4886d5c20d8da7fc259529bd01
- Size
  
  631KB
- MD5
  
  c90e41cba5b33443ac62bdd560856090
- SHA1
  
  c91b6d7eb1a70ae36a7de4cf91386c5f43d0639e
- SHA256
  
  8570c011be165d6c092c41db1f85d4c52fdca1812b7c9ee87420702c2776005a
- SHA512
  
  8bde482fa8a032e9f76ae01ce775df88f8808d07d0ebe49eef612b6b63bef490b26824617fb887ff9dee5999b753c9cce3564614d33f56abd292491fdbdbc396
- SSDEEP
  
  12288:rcz/F3C9gpvfz6jndpJi8j7IdeLHaiGwe2:rwkgBWnd7P+iGwr
Score

10^/10

agenttesla collection discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectiondiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectiondiscoverykeyloggerpersistencespywarestealertrojan