agenttesla | eaae036429966edb9d7efcc60e7d8af4ecb0e60b668083125c64aed949753948 | Triage

Submit
Reports

Overview

overview

Static

static

1

Letter Of Intent.vbe

windows7-x64

8

Letter Of Intent.vbe

windows10-2004-x64

Resubmissions

29-10-2024 18:10

241029-wscc9axhkn 10

09-10-2024 10:24

241009-mfdacatdqb 10

Sharing

General

Target

Letter Of Intent.z
Size

4KB
Sample

241009-mfdacatdqb
MD5

b853b1e0b1f662bf6c75f8a4f638bb3a
SHA1

f8b38b7dfba9985c6f364143eaefc520dab3f7ae
SHA256

eaae036429966edb9d7efcc60e7d8af4ecb0e60b668083125c64aed949753948
SHA512

1ef95e3f4e25a4859affc71ace8f7ddac2c90d935462ae440d7176d7bdfbe2da4ae907d453b7ea9adbf7628a36211f69e0438c8fbc6af0b95432dba0b5386082
SSDEEP

96:cKbRhzWF0+h1v9VClHPeFYWD2MqcBkmoGmcbsX1r:cUQ0e1VclHPYYW3bBkYsp

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Letter Of Intent.vbe

Resource

win7-20240903-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Letter Of Intent.vbe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
M992uew1mw6Z
Email To:
[email protected]

Targets

- Target
  
  Letter Of Intent.vbe
- Size
  
  11KB
- MD5
  
  59958a367c15cc55b0b42db533eb99a8
- SHA1
  
  06d169da811d8d0abce9280ff7fd748f125e1aff
- SHA256
  
  5a793830dc868d92331342fbca7bb5338b6014944a972960c97f7d9d3f3c66ae
- SHA512
  
  bc7fbbb16f83492876f298f98160b264150ee995871f0e2d59c5c49d703bf2f21721ca1d49d293264be798ef0da2b5ebb4f423be5ddc788d34f1369db03e546e
- SSDEEP
  
  192:kn3g3XXH2AYKtbXq1qFqpSJ7sWfqH2hmqaOdC8NhuOzWNpK:uw3XXH2aA1qFkiQWfq2mqLdCpxw
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy