agenttesla | ac07c423bb0785b861795d5afdaa1ad0e433a6db747986ee3cfcebab6976f2bb | Triage

Sharing

General

Target

ac07c423bb0785b861795d5afdaa1ad0e433a6db747986ee3cfcebab6976f2bb
Size

680KB
Sample

240523-b759nahc4t
MD5

66228b6f5b149c3d52a20e0fa1b4ca17
SHA1

779371603043c8b5bfcd1c1b5d921cf974fc352c
SHA256

ac07c423bb0785b861795d5afdaa1ad0e433a6db747986ee3cfcebab6976f2bb
SHA512

e42cae6af4715e3a9d50f921704012ee2e7cd9a68ae7f43bc35cb3ec86c1e7771f69bd31c0cd2f32cf789647eb67ca3198674c60c6cb3410f60b1e79aef0224a
SSDEEP

12288:+RV5XBiMyStKGzeRs3MJehivPXB4Is0PkRaqd6xl8tGnKse/MdCHJkR:YHBThKGzhMJHnuIsDytKht0

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.valeofarma.it
Port:
587
Username:
[email protected]
Password:
valeofarmavero
Email To:
[email protected]

Targets

- Target
  
  ac07c423bb0785b861795d5afdaa1ad0e433a6db747986ee3cfcebab6976f2bb
- Size
  
  680KB
- MD5
  
  66228b6f5b149c3d52a20e0fa1b4ca17
- SHA1
  
  779371603043c8b5bfcd1c1b5d921cf974fc352c
- SHA256
  
  ac07c423bb0785b861795d5afdaa1ad0e433a6db747986ee3cfcebab6976f2bb
- SHA512
  
  e42cae6af4715e3a9d50f921704012ee2e7cd9a68ae7f43bc35cb3ec86c1e7771f69bd31c0cd2f32cf789647eb67ca3198674c60c6cb3410f60b1e79aef0224a
- SSDEEP
  
  12288:+RV5XBiMyStKGzeRs3MJehivPXB4Is0PkRaqd6xl8tGnKse/MdCHJkR:YHBThKGzhMJHnuIsDytKht0
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan