agenttesla | dd8bb6b4b5f5c89b13b9b0954ce12e7fbf00bb721dd880e7dac01aa72731b771 | Triage

Sharing

General

Target

dd8bb6b4b5f5c89b13b9b0954ce12e7fbf00bb721dd880e7dac01aa72731b771
Size

732KB
Sample

240521-bxswksec4w
MD5

1fa49305a835d5e6781c4042caf4eca7
SHA1

e2fe9a2888aaddfabd45be7864153f356a87a771
SHA256

dd8bb6b4b5f5c89b13b9b0954ce12e7fbf00bb721dd880e7dac01aa72731b771
SHA512

6defdce2019b455c617ee6896213a58ecd4d9985dbc1bcc74aabaa1e4ad62336e32bc60c806192cadfdd09505126fb3b67d4353d41e9082dbf003c0e58633529
SSDEEP

12288:xM/WfeKRRCs9UIeXm7xcdgHLa0smoicuHziUHeC2IsyI4w70TithTff6RLXn0K3C:KWfeKRRCTIeAxjHUicaziUHbsyIf0TiR

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yubacuba.online
Port:
587
Username:
[email protected]
Password:
f^IwDY%8
Email To:
[email protected]

Targets

- Target
  
  T.T Copy.scr
- Size
  
  853KB
- MD5
  
  f7ff04b1c105625810a3587f2edbc5c7
- SHA1
  
  d3e9ee995d4fcb67fa445196db12fa393a69f63b
- SHA256
  
  2c383aae867d24468c5d0c143aa2ba0e14658843300b5d5f1f1f00744fd4db85
- SHA512
  
  94172952bc79eb4c4e7b98eaf27a5aa153ad4c71a4e6043fb8d7936d8b3c1dea60da237f41a6d282228ba59f1cadd7d66d325c154192867e19608f1cc180ece5
- SSDEEP
  
  24576:nVkWtb3BECZIeAxkWmsQcMz0UHrs8WZSTgB1nILabVfp:nVfZBEGIeAkJzmZcP2bVh
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan