agenttesla | d97c7683c455737df7f58b1909bc8d979b0c7c38e0b74a68a1394bbc72d66ae1 | Triage

Sharing

General

Target

d97c7683c455737df7f58b1909bc8d979b0c7c38e0b74a68a1394bbc72d66ae1
Size

37KB
Sample

250114-bxv1yavqbl
MD5

61185d4f91bed4d271b177fcf66f82a5
SHA1

f03675b5478b8b89f078a32535833ad888389c75
SHA256

d97c7683c455737df7f58b1909bc8d979b0c7c38e0b74a68a1394bbc72d66ae1
SHA512

d86476c84156d824f78481b5e20edcfa35a2241353418757d897d3a96b6ca08bafd8cc1114f8f569d091f9a0535daa5bcc79a8e18b89817d2df108a9d24d554c
SSDEEP

768:nSdJlGbLRobKum8IQyYr6VMZh5kaYmlyMTvx8D3/kRJ8lHLWaqHA7M2:nCJsnRobKtQPZnnYAvvWC8lHJw6/

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
UBnnnstayQMK
Email To:
[email protected]

Targets

- Target
  
  Ref#11310057.exe
- Size
  
  145KB
- MD5
  
  4695c58b4e2dd8c7865ccc0bc0693367
- SHA1
  
  a8d4b077cd63843ad5305b063aa1d95a4f398eb7
- SHA256
  
  3a56216ded9e2b6fae078b2c0beb9601d8404444818bf9e413884e3cd886d8f8
- SHA512
  
  27de43000cdb506632ac01049d767fbd1ace0783d2914f0d16083458f6555474159fb4e5345cd0b6e18ec9ddff95e74678077910a4ceae500229084da9f366f6
- SSDEEP
  
  3072:rqoBB1EMoND5/7CbiAGtt4mt2PRKjIUuppC/j:1RkFAGt9MJKYW
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan