agenttesla | 7c50b2f8b626bcf9e6ab91d75cf7317f97bc76d9e438f5ffb14f6f084fa55a12 | Triage

Sharing

General

Target

7c50b2f8b626bcf9e6ab91d75cf7317f97bc76d9e438f5ffb14f6f084fa55a12
Size

1.4MB
Sample

250114-r8jeaasrbn
MD5

3dd8f55289e07330e59c3e7c0de38220
SHA1

596d4c9d3224dca3af19d6dfe0e6b7285c7111c0
SHA256

7c50b2f8b626bcf9e6ab91d75cf7317f97bc76d9e438f5ffb14f6f084fa55a12
SHA512

f4c5a0d375a915479969f9de8ea013f999827b38ac6ccd65d6c30cd2c31de10702c9cd131ace5f7ea31ac8acb498cb6707c6cfdeca7f3e62029921cf034c7f41
SSDEEP

24576:/ww8M5h9p5ddUxcpbk8BeXg3B9v1gFwf9SKt6gojYae2avX+jht0W1Ox2U9r:civ9dUxcRk88XwBPgKfsK0HjD/8ujD5o

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  IMAGES.exe
- Size
  
  1.8MB
- MD5
  
  8c07bdb9cca0c5a4d049ffc1467464a3
- SHA1
  
  72efd059636e8eb12fcd164ec5aa4f9c9db1c43a
- SHA256
  
  7bac2b97db6f10df47459cbb698c2f27632c65b5c5f7eef3a8c0678ae1d6f44c
- SHA512
  
  b924b0919d8a961a0616182f396957cffa645b11019f81b0f598cabe899da5223b68694217f1950083f4ace625f9330dbd263ac93907e86e91037079a842ce21
- SSDEEP
  
  49152:ITvC/MTQYxsWR7aafXwfXgGJII0zf39Ka/BxEwUfE:AjTQYxsWR9nGmDBh/BSTc
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan