agenttesla | 585b7684659a1757957217509842b7eb0858084dcc01ca9c9f30b15f76d83686 | Triage

Sharing

General

Target

New Order For 2000 Pieces.7z
Size

1.2MB
Sample

250328-qlgfqsykt8
MD5

d7ea3863a28d098be58dae4a51631a5a
SHA1

c3860ed84293acd76ae9fb3085a6a514ee8a5b68
SHA256

585b7684659a1757957217509842b7eb0858084dcc01ca9c9f30b15f76d83686
SHA512

3edc18f44e549c4bb2c612fd1cdf8293c4442b882c1a5b71616ccd1b81c6351b6ac6200fd82186239e858d4ed6f562eb08da856341e4dfbace7900bad54c53ca
SSDEEP

24576:9I+8fJO+Rq1aWflQ8oZHby1+eTNzwRgiS0AEjsATC71lsPXAi90:O9JBRq1n9Q8oZHGYGNViT5BGS90

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
manlikeyou88
Email To:
[email protected]

Targets

- Target
  
  New Order For 2000 Pieces.exe
- Size
  
  1.4MB
- MD5
  
  100b68f299f7e856b6f35cd57b1de24f
- SHA1
  
  586ddef28b2b7584d30299f48ae7e6362303ce08
- SHA256
  
  0c81dacc3052737225ca5c8f49411ee34ec21530b33946b972e38a483d61c5ac
- SHA512
  
  4182cbd833e3cbda7c77a80594f19314eb75c41dd0aac90fcd9ddb5af95c15583710eeb72610bdf3e4d3fa41d2bd580e95dc1ca18c8fa2703e2b2aacd35a9547
- SSDEEP
  
  24576:4kvRVnxRp9+Ai19YFC98FCI2Js9nT3jw+71SxAEbrRTChkN62XxiC350Mf:4+lNIAi1+A98FCIWwT331A5BGt250Mf
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan