agenttesla | d3c98f0f728b578d2c54276461370f41e3b231ed1e68d17a4bce7de71f3e658f | Triage

Sharing

General

Target

d3c98f0f728b578d2c54276461370f41e3b231ed1e68d17a4bce7de71f3e658f
Size

638KB
Sample

240523-cvkymaaf67
MD5

5f258600851db0c540d1a81ab021f887
SHA1

4dffdfcdb54e3de67ac0b7792fcd154410348508
SHA256

d3c98f0f728b578d2c54276461370f41e3b231ed1e68d17a4bce7de71f3e658f
SHA512

3929ef08b0bf9626dc5b8a200c47da344cd9a08acfa341fe307fde42f93ec9fdd49d6420e4fbe6557f150f76e048ef3beb00c879515f4e5f4a2c60adb265efcb
SSDEEP

12288:SJ1GsF26IxfYprUNIYkYHEC3xqM/9m/Hd9egl/EDGE6KqXIffovS1jeXExnoS675:SJ04IOrUXHETI9m+Gc5g2oqxe0xoS675

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.simnu.com
Port:
587
Username:
[email protected]
Password:
L3tM31n*#
Email To:
[email protected]

Targets

- Target
  
  #$AItslip1546.exe
- Size
  
  666KB
- MD5
  
  379a6b94c8ebef8ba5772842a3b51fb8
- SHA1
  
  f91a970671bd23608e3e32115c3fb34f92301a30
- SHA256
  
  2ca58fadf27f88b2a39abfd4dbe4950173a7a113bf91b404734510dbfdf7c557
- SHA512
  
  926cc9558a8a88aa3cfe172635e331c0fb630d7e4bcd0f047208d65031f465efbd288e2896dfb322ca03f1cc47be3fccd1e0c88b04858be6aa08e1d6d9e7c64a
- SSDEEP
  
  12288:2xgAmi8LkpEalnNI6k2HE64HZNzcnd39eOf/Ero062EXKffuv4pbuXEBJ4fhZP5g:K1VjEEPHEpNzceocv2IuAZu0BGfb5IL
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan