agenttesla | 31ef12a408e8a43e5bdd79f116c81b31261032ebbc1c079edfb4a6f68938df41 | Triage

Sharing

General

Target

23042025_0724_Demurrage Claim 20250422pdf.vbe.zip
Size

310KB
Sample

250423-h8s42s1tdy
MD5

9a7038950a83721ab223f82cad279bf6
SHA1

e1691f564e2b8267b2fb6e259dec9881f01cbb51
SHA256

31ef12a408e8a43e5bdd79f116c81b31261032ebbc1c079edfb4a6f68938df41
SHA512

9e3524dc1d9578695371325e2e2f295b46b46a99fed2f5f2da33f9e741fae9e03010e012fcf7fdbf2a2b38d1fe94e5dcfaa4c8644ec73f85e485041ff0c404bd
SSDEEP

6144:clSDSrqQkcMR5ZuJay3VdOgrR28rN/AB4VqkjRXI8+wOeWqCQuSkF:clSDSLkcMR50Y1Y1rN/AtuiwruXF

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
26ivK6IyAzFg
Email To:
[email protected]

Targets

- Target
  
  Demurrage Claim 20250422pdf.vbe
- Size
  
  1.4MB
- MD5
  
  3cad1f3c2c6f0a5652402adb31314137
- SHA1
  
  cfa7f80e00c931b0107ae8b9d588fea375fa8486
- SHA256
  
  bce73437ffc825f4af0e0a4a14b5d2f1a52c55d324be9ad415b2ed257274335e
- SHA512
  
  96ed0e88756c77206d187059bd39fadeb597466940265c8a35b40ba60b30fce71427e84ebc32806d96046fd0f82c1215f334cff97d81c5f70ebc881d7162a005
- SSDEEP
  
  24576:Sk6YLtW+5pCOOrwBfeom3RDRoM8cLIRk3tAaLMgs4GM4IVj:Tmf5
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan