agenttesla | 8ca7465b2cebc546b19374162071bd15dd523bf7c47822679af3f32bf7b19125 | Triage

Sharing

General

Target

DOC-SCAN 20250422pdf.vbe
Size

1.4MB
Sample

250423-j1rfxsssa1
MD5

e74e9c45b6174df5b9fce15b790ad64f
SHA1

1b785dbbb0827ae8583269c3268e1fa4b66c4107
SHA256

8ca7465b2cebc546b19374162071bd15dd523bf7c47822679af3f32bf7b19125
SHA512

2ffcd4b22ba4a692557ea7f74c96d5eeb831818bdb18b071e70af1d6d4910c3478c2b2e1206253a174a860f4a5302cd002fac4dc52247ca97a8a3dbe978faa07
SSDEEP

24576:802hUXc2IkQqu9ytsCv+ofYoXtztBzBYbZjD8Yhg+r4FzIjlHOkPEHF30+Wgb8:zh1YLki

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
26ivK6IyAzFg
Email To:
[email protected]

Targets

- Target
  
  DOC-SCAN 20250422pdf.vbe
- Size
  
  1.4MB
- MD5
  
  e74e9c45b6174df5b9fce15b790ad64f
- SHA1
  
  1b785dbbb0827ae8583269c3268e1fa4b66c4107
- SHA256
  
  8ca7465b2cebc546b19374162071bd15dd523bf7c47822679af3f32bf7b19125
- SHA512
  
  2ffcd4b22ba4a692557ea7f74c96d5eeb831818bdb18b071e70af1d6d4910c3478c2b2e1206253a174a860f4a5302cd002fac4dc52247ca97a8a3dbe978faa07
- SSDEEP
  
  24576:802hUXc2IkQqu9ytsCv+ofYoXtztBzBYbZjD8Yhg+r4FzIjlHOkPEHF30+Wgb8:zh1YLki
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan