agenttesla | 0fbdb7acedd6d325882de9a8a717d7ad9ae1dc9b9d8a897ada9987fae50d96e0 | Triage

Sharing

General

Target

0fbdb7acedd6d325882de9a8a717d7ad9ae1dc9b9d8a897ada9987fae50d96e0_NeikiAnalytics
Size

841KB
Sample

240521-g7w9msbc36
MD5

9e395ade1a50858d738607cd7a4bfd75
SHA1

6da866d979a2c43cd83130c8ddf3fb96f5774a60
SHA256

0fbdb7acedd6d325882de9a8a717d7ad9ae1dc9b9d8a897ada9987fae50d96e0
SHA512

8c6cd4fa1b7778f620957815f5470cd40add13ab60cb1cece3633fe532d8aac0ad803e28101513a38e2450767826110cdbbd267b1131605e6df35dd06d5bdb9d
SSDEEP

24576:qSR7RICpp36CYT9fhQrtO9uLRKnyCuieVd1pJ/vX:T7ppi9+ZOQRKyCzeVdPB

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
marcellinus360
Email To:
[email protected]

Targets

- Target
  
  0fbdb7acedd6d325882de9a8a717d7ad9ae1dc9b9d8a897ada9987fae50d96e0_NeikiAnalytics
- Size
  
  841KB
- MD5
  
  9e395ade1a50858d738607cd7a4bfd75
- SHA1
  
  6da866d979a2c43cd83130c8ddf3fb96f5774a60
- SHA256
  
  0fbdb7acedd6d325882de9a8a717d7ad9ae1dc9b9d8a897ada9987fae50d96e0
- SHA512
  
  8c6cd4fa1b7778f620957815f5470cd40add13ab60cb1cece3633fe532d8aac0ad803e28101513a38e2450767826110cdbbd267b1131605e6df35dd06d5bdb9d
- SSDEEP
  
  24576:qSR7RICpp36CYT9fhQrtO9uLRKnyCuieVd1pJ/vX:T7ppi9+ZOQRKyCzeVdPB
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan