agenttesla | 50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2 | Triage

Sharing

General

Target

50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
Size

676KB
Sample

240523-c2r1hsba39
MD5

585db3a8eed13f1a2bbc01d118687b40
SHA1

8b6816112d5387f3e1c87568c7a2741fb630687b
SHA256

50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
SHA512

af14f6a1e705aa9a08ad49a51e57351c5487d16d7f8dcca9cbae85d18adbb159848ab6cc46356f7648d643d2d4cef4f2890936997ec5c13a881576b6fe614e07
SSDEEP

12288:eSyi8LkpEawtl6Y66BMWwjQ2KNewh7fpqnnFvssj8jPqkIHBSvf5F2G06aWquqzm:FjEVpGWs/q7QnnFHjaPwhSmGXaEn/

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.greenimpressionbd.com
Port:
587
Username:
[email protected]
Password:
Rumizaman123
Email To:
[email protected]

Targets

- Target
  
  50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
- Size
  
  676KB
- MD5
  
  585db3a8eed13f1a2bbc01d118687b40
- SHA1
  
  8b6816112d5387f3e1c87568c7a2741fb630687b
- SHA256
  
  50a04e6365ff52ca1c6f926a30edeeff8c1c44283b2f2b0fcb5ba1e0476e9be2
- SHA512
  
  af14f6a1e705aa9a08ad49a51e57351c5487d16d7f8dcca9cbae85d18adbb159848ab6cc46356f7648d643d2d4cef4f2890936997ec5c13a881576b6fe614e07
- SSDEEP
  
  12288:eSyi8LkpEawtl6Y66BMWwjQ2KNewh7fpqnnFvssj8jPqkIHBSvf5F2G06aWquqzm:FjEVpGWs/q7QnnFHjaPwhSmGXaEn/
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan