agenttesla | 59b9471cd5a317f6d811ac2d033bd9c8cddd4f946494446316ee60ad08afb7e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

728a0287e37a2829eb6a1ba56302db14.bin
Size

674KB
Sample

240512-derlxadb8s
MD5

2ad0b854415f703acce1fdf72f33c2fc
SHA1

a398212faa4ed4a1cecf7e9ea29c442d5c09ea2c
SHA256

59b9471cd5a317f6d811ac2d033bd9c8cddd4f946494446316ee60ad08afb7e9
SHA512

d8e6be8723fc38d9d7bdf104054fe7083387b4be485e41e7646ce4fa2b45d91adf0cb73aadb548cecafdd0e6d57d4cabddca4d92a0d7b822d6f3c1be0161d597
SSDEEP

12288:KDhwjGHCl9zP/FEQy+hmiAyi4SLJRVqP1dIqhrqm9jDM3/CnivVWbyJWrVvwp:DjGwhEMeLJ2PAwWI+/CivVWBrap

Score

10^/10

agenttesla execution keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.clslk.com
Port:
587
Username:
[email protected]
Password:
NUZRATHinam1978
Email To:
[email protected]

Targets

- Target
  
  aac4ee05a5f1436d0c89ef8a13bb1b39ce4cb3bd5d5be1cb5413581887290cc4.exe
- Size
  
  1.0MB
- MD5
  
  728a0287e37a2829eb6a1ba56302db14
- SHA1
  
  ca7d616c2e358c99e137ac13f79f9f533524ad7e
- SHA256
  
  aac4ee05a5f1436d0c89ef8a13bb1b39ce4cb3bd5d5be1cb5413581887290cc4
- SHA512
  
  c74b142f98dedb1315203b061ddae9714eb64ac8000ff63a796efc43761ccd56af46fd8a9f7f2f95e06d82da1d5f1a012535c43bf49541f3b3a1f66ebdf37052
- SSDEEP
  
  12288:1VLaID7XkuLPjNkKUaYNE/7qklO4EEZZivikgkX2tSQgnz+iDkR:1vcuTZLUHwqk9EEZZiGK2tQbW
Score

10^/10

agenttesla execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerpersistencespywarestealertrojan