agenttesla | fe9e1a34e6151f24e5b05135376d13619b727b0c1877edc6664a897597f57923 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

543cbf9baa7ca947724149208af12740_NeikiAnalytics
Size

729KB
Sample

240515-bbpxsshb5t
MD5

543cbf9baa7ca947724149208af12740
SHA1

e2d54bc9b8b45df159287760fd07a64b4f8d5edf
SHA256

fe9e1a34e6151f24e5b05135376d13619b727b0c1877edc6664a897597f57923
SHA512

6d8db04c1d6718680c01e66a8bd72dccc2596857c3d4c275a4486d8e0db91112b24e5ade0f8211ce423649b2d4b9a12d8cc7731d4148460e729f23f881eceb0f
SSDEEP

12288:sPzEL0EffeG1Y2N8TTp+lzrIuNoPjO34BRukLVBiokg/SH6ko:G4nOKY2Nkp+mGIj84BRukLVBioMHg

Score

10^/10

agenttesla execution keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bspmetatech.com
Port:
587
Username:
[email protected]
Password:
suhas333
Email To:
[email protected]

Targets

- Target
  
  543cbf9baa7ca947724149208af12740_NeikiAnalytics
- Size
  
  729KB
- MD5
  
  543cbf9baa7ca947724149208af12740
- SHA1
  
  e2d54bc9b8b45df159287760fd07a64b4f8d5edf
- SHA256
  
  fe9e1a34e6151f24e5b05135376d13619b727b0c1877edc6664a897597f57923
- SHA512
  
  6d8db04c1d6718680c01e66a8bd72dccc2596857c3d4c275a4486d8e0db91112b24e5ade0f8211ce423649b2d4b9a12d8cc7731d4148460e729f23f881eceb0f
- SSDEEP
  
  12288:sPzEL0EffeG1Y2N8TTp+lzrIuNoPjO34BRukLVBiokg/SH6ko:G4nOKY2Nkp+mGIj84BRukLVBioMHg
Score

10^/10

agenttesla execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerpersistencespywarestealertrojan