agenttesla | 4f9bdf8dc7e1ebdde387b09fad8292e5462d5f1ce1bbf227eee7ad6d12b9f1ad | Triage

Sharing

General

Target

23042025_0721_DOC-SCAN 20250422pdf.vbe.zip
Size

309KB
Sample

250423-h6xpfs1shz
MD5

7aec1d458eb432d2681a14725a5a15a4
SHA1

f1b82a8ea078f37259461808bc71e33fe67f0a2d
SHA256

4f9bdf8dc7e1ebdde387b09fad8292e5462d5f1ce1bbf227eee7ad6d12b9f1ad
SHA512

495d40a171d894ff8937785fe8613fd3b85f153d856d6db06bd69cddeb3b15c160c9b785057cc435c4fdd2a0a47bf43a1caf3cfe527c2d53e151bf588635e66d
SSDEEP

6144:SYhIz2dh0kBgfNOcFv62oY1kQmpwbGO7rQsQ/rUHaXZpbyqzfQjWzLM8fROXvH8:SYRhX8OESU14mGX/Eupb7fDzofH8

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
26ivK6IyAzFg
Email To:
[email protected]

Targets

- Target
  
  DOC-SCAN 20250422pdf.vbe
- Size
  
  1.4MB
- MD5
  
  e74e9c45b6174df5b9fce15b790ad64f
- SHA1
  
  1b785dbbb0827ae8583269c3268e1fa4b66c4107
- SHA256
  
  8ca7465b2cebc546b19374162071bd15dd523bf7c47822679af3f32bf7b19125
- SHA512
  
  2ffcd4b22ba4a692557ea7f74c96d5eeb831818bdb18b071e70af1d6d4910c3478c2b2e1206253a174a860f4a5302cd002fac4dc52247ca97a8a3dbe978faa07
- SSDEEP
  
  24576:802hUXc2IkQqu9ytsCv+ofYoXtztBzBYbZjD8Yhg+r4FzIjlHOkPEHF30+Wgb8:zh1YLki
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan