agenttesla | d2a90ff98ae065a39ff94d17fb315e77c39801261641439a6cfa32f3b8eef9bb | Triage

Sharing

General

Target

d2a90ff98ae065a39ff94d17fb315e77c39801261641439a6cfa32f3b8eef9bb
Size

43KB
Sample

241006-1sx26ssbmf
MD5

4b1afba5f3b00b91dbd1f282e2dc9ffa
SHA1

9b0819eca23998208f9da13967a62388ce538625
SHA256

d2a90ff98ae065a39ff94d17fb315e77c39801261641439a6cfa32f3b8eef9bb
SHA512

46904f5cc494783fef1379d238370d5133b34328ee5193f78a71d6860ce387fbb6c68ba95a27128079fae573b6f88c69befa4fc128c29c0cdfd28eb4b0185f7f
SSDEEP

768:5LSXzC40ywsQNt8QpFNfHDmAxrcXS9/7IwuyXfxnIJmN8jDnj74:5LnuQNfB8SdIwugVN8/js

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.detarcoopmedical.com
Port:
587
Username:
[email protected]
Password:
To$zL%?nhDHN
Email To:
[email protected]

Targets

- Target
  
  Request For Quotation.js
- Size
  
  131KB
- MD5
  
  55f3ba85c0e1546b907ec0f2465f6bac
- SHA1
  
  59c6d5157b6cb30040f0226599c99f07c361f822
- SHA256
  
  c35922ffe621f1719e7346a3fa7ba779766c44481ed2ad785782cc7bf693376c
- SHA512
  
  478496891e630b260802e97f20132adf1b06b22f35b059e9f9176e6e5f777d63184b45c32efbf4981f53f02ecff31640e84661164a90d550a1d061e1edde3d1b
- SSDEEP
  
  3072:/N+oukZXE8KRI4V1AulQkcunvyhLZm2MKIvgzJJY6N+oukZXE8KRI4V1AulQkcuz:/xukZ08baeulQ/uni/M5vgzXY6xukZ07
Score

10^/10

execution agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan