agenttesla | 31c8d65a3c8791b905bd1a02354e7833056416ffb359e09697f4ea2afdae34e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31c8d65a3c8791b905bd1a02354e7833056416ffb359e09697f4ea2afdae34e8
Size

3.1MB
Sample

240504-b4e83aaa6t
MD5

cf99975aa62e40043423eb454ecb4993
SHA1

7060f8467e691d5d1726ea81487eff0613981ace
SHA256

31c8d65a3c8791b905bd1a02354e7833056416ffb359e09697f4ea2afdae34e8
SHA512

3bb7e2e781f0dd2778fd34c66cb8fc860f07305bb762a69d29179e8d3c1577a3976a32439930a5b1a9fc477dc909c300c54545602bc34255cc04bb52a8ebae42
SSDEEP

49152:mzBfc7D7KirEHi0OllMMK8fepVD5eNoisJoZN8AN4FHGaHWNeL:mzuTzYk+UecOhpZ20L

Score

10^/10

agenttesla evasion execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cozuns.com
Port:
587
Username:
[email protected]
Password:
w+ub8[zkC.O*
Email To:
[email protected]

Targets

- Target
  
  31c8d65a3c8791b905bd1a02354e7833056416ffb359e09697f4ea2afdae34e8
- Size
  
  3.1MB
- MD5
  
  cf99975aa62e40043423eb454ecb4993
- SHA1
  
  7060f8467e691d5d1726ea81487eff0613981ace
- SHA256
  
  31c8d65a3c8791b905bd1a02354e7833056416ffb359e09697f4ea2afdae34e8
- SHA512
  
  3bb7e2e781f0dd2778fd34c66cb8fc860f07305bb762a69d29179e8d3c1577a3976a32439930a5b1a9fc477dc909c300c54545602bc34255cc04bb52a8ebae42
- SSDEEP
  
  49152:mzBfc7D7KirEHi0OllMMK8fepVD5eNoisJoZN8AN4FHGaHWNeL:mzuTzYk+UecOhpZ20L
Score

10^/10

agenttesla evasion execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaevasionexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionexecutionkeyloggerspywarestealertrojan