agenttesla | a237e33b8c7c7316530743202db77f3f2ffb2e3a6ee31f1af8cbf55fdce16e08 | Triage

Sharing

General

Target

a237e33b8c7c7316530743202db77f3f2ffb2e3a6ee31f1af8cbf55fdce16e08
Size

796KB
Sample

240523-cvkmvsad8s
MD5

ec4b760740b7933d8ffa7c1f0de1a2af
SHA1

0565bbadda59b90f4456bd2fd3a83c7d665e3a80
SHA256

a237e33b8c7c7316530743202db77f3f2ffb2e3a6ee31f1af8cbf55fdce16e08
SHA512

caad0e777a7218bd625e4fb38710b928c6a6f74250d1b1941d25416350595bfb07964d3272079b0358c114e7ad1aff16fcf1e88d4068506d040f8f0b4713c436
SSDEEP

12288:ZbHMi8LkpEaFLVbmQNGvZE8kCyYYXPdap9+Fy8rM9NyPg1J7Pe5xfdzLA2S6Npjv:tjEobHNGh7k5Yj+FlM984v7PY

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
marcellinus360
Email To:
[email protected]

Targets

- Target
  
  DHL Delivery Invoice AWB#7490327845.exe
- Size
  
  736KB
- MD5
  
  84396eb97e3ade6cd6689329d7ff3366
- SHA1
  
  8e8c061ece6bc8f36bad01514ba2869a343d456f
- SHA256
  
  9524dbdb7a13bdd04e736f32c96690df3320fabc8587bd0880db9ff0fd497c8e
- SHA512
  
  95460f92e93ff48045ab507a677d51065b10f068d4ad97d902e2e0f1f8b374c5ffcc8832a074cd964839818516c8e987ff818b408d509e3836cb5ce12145c63e
- SSDEEP
  
  12288:pbHMi8LkpEaFLVbmQNGvZE8kCyYYXPdap9+Fy8rM9NyPg1J7Pe5xfdzLA2S6Npjv:djEobHNGh7k5Yj+FlM984v7PY
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan