agenttesla | a72135c61b886b3ad7fff6024d7aabb0e25aaad13877726e7d7a3147c5c3800c | Triage

Sharing

General

Target

23012025_0948_22012025_DATASHEET.iso
Size

524KB
Sample

250123-ls996svmbv
MD5

dca3cd2ee30aee1644988da8424509ff
SHA1

28884716500bb8d02830e50fcf438ee50e81ea69
SHA256

a72135c61b886b3ad7fff6024d7aabb0e25aaad13877726e7d7a3147c5c3800c
SHA512

ad9c08ff54408ca9be898002b2858b0b0985a42e2e0aba324e69729a888ca51d024d65215ea94f6beb723c5820c958b7aea88a0809c34fff049f5340b796a51c
SSDEEP

12288:Gf8UpxgxZ4h+IbHAEmF8zGRaBAXOUCYg:GkUpecsaAXOpYg

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
graceofgod@amen
Email To:
[email protected]

Targets

- Target
  
  DATASHEET.exe
- Size
  
  462KB
- MD5
  
  64a417953c1e9c47efbdefd29efad661
- SHA1
  
  9d688fb5e56fc89259dc6abee0484831c8a6e52c
- SHA256
  
  42572353a61f92743993c00a547bbbed9c7e2db8c32a2df04bf0ec0ac5c4a9d5
- SHA512
  
  4988c1553480112afd94cf6d493bab728e411f2f6cd21d22cfe92a9ba6bcb0e56cc168dc8cbc62368ca6a7b2186a100979a76ed7e50608f11ed446af0e21d7bf
- SSDEEP
  
  12288:vf8UpxgxZ4h+IbHAEmF8zGRaBAXOUCYgC:vkUpecsaAXOpYgC
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan