agenttesla | 2a633afcb2dad9516cf533d4851290ed5a643a9eba9b605f228961ecc092ba13 | Triage

Sharing

General

Target

2a633afcb2dad9516cf533d4851290ed5a643a9eba9b605f228961ecc092ba13
Size

1.2MB
Sample

240522-crlqrahb77
MD5

f89a94af5c2287cc59aaf403e7ce9f5d
SHA1

6fd2bd0c9ff90d730f1f823b4b0301c7c82782f8
SHA256

2a633afcb2dad9516cf533d4851290ed5a643a9eba9b605f228961ecc092ba13
SHA512

789450fa54a614ac72368c8a3eb33a48b3cf3e9649ea6ee8259cf3da9ac9d23a61483a94785cfe5a7721ead4a4a169fec8f3a475649badf127ebc0668b4a8b8c
SSDEEP

12288:klYifT7wT6qz0IWrkmpF3LhE7ukBdaA0e3gQBGzj5BJe3MqqIR8jeqvR97M:ji3sAfrkCF27ukmujBQj5UGINqp9o

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bethesdakindergarten.com
Port:
587
Username:
[email protected]
Password:
kindy6014587474
Email To:
[email protected]

Targets

- Target
  
  Payment copy-INV 311197.scr
- Size
  
  659KB
- MD5
  
  cb576d842332c735fd2187e145c61d3c
- SHA1
  
  9ffa9ce013caaac448c7fa1caf3d956263271a08
- SHA256
  
  940a87f6bcc82595c9bbec3f55c28cf479262344874f8ba1a7a804dd747e3334
- SHA512
  
  337ab46565d61f126bf7cd2d940bcf1e234bee72516981be2ec8f0b183532844c323529b7973bb87ad7f345b553e410001e3ee06bdb725ca5c2829c600128c2f
- SSDEEP
  
  12288:VlYifT7wT6qz0IWrkmpF3LhE7ukBdaA0e3gQBGzj5BJe3MqqIR8jeqvR97M:wi3sAfrkCF27ukmujBQj5UGINqp9o
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan