agenttesla

General

Target

17012025_0145_16012025_Documt736098.zipx
Size

3KB
Sample

250117-cbyelsyqck
MD5

2cf416c7207c4f86a426a6d4ec4ea7e3
SHA1

b61cbc20fae295f1668c5d8f7bbe0de5f1c41235
SHA256

1a8d599848e922f122bf3ab673b87369f05eb2746d0b6b0833aefb137341d58b
SHA512

a6c7c317f83b896fb786f69807f0970209196463e0d6eeefc32053306fb69d2166c5a6ebde71fed8216318afa7dfc88b86c1ba044e8aead6e193002a50e07ac8

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
M992uew1mw6Z
Email To:
[email protected]

Targets

- Target
  
  Documt736098.vbe
- Size
  
  9KB
- MD5
  
  8113e63e2ba4ac63a4621b2d9441524d
- SHA1
  
  05b433f2cfb14f9d1ec947e32a496c45a2cfa22a
- SHA256
  
  d5d3a7f4ca9b374465da72f550cc5a04e751c6a4ed18ab917a304318a9b4409b
- SHA512
  
  730e21b73e6320146c53dd9092246578a476b24efb6dbcd902e905df05039274cd2adf76293e54e1d9a3cb01e88d3800db867597bbffd979ecfea5729d4d62d9
- SSDEEP
  
  192:egjmLPbnOqiR2jutyT8vPka6hfuIMynp9KAvPxK:tjcPbg2+yT8HkaTTqp0AvQ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

4

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Blocklisted process makes network request

Checks computer location settings

Looks up external IP address via web service

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2