agenttesla

Resubmissions

23-05-2024 14:32

240523-rwr6naed5w 10

23-05-2024 14:31

240523-rvpzxaee27 10

23-05-2024 08:41

240523-klg5daba72 10

Sharing

Copy URL

Twitter E-mail

General

Target

0-13.eml
Size

831KB
Sample

240523-rwr6naed5w
MD5

6db92808a0b24eb310faf7a5aa440ce6
SHA1

e96bf9b8ef57280a02c9d06a68ea8526c19ba431
SHA256

8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1
SHA512

531524e6ea3df525119d16b97418b9a64a0d2526561b6b251a70e3b8ae24d6d28fb0b9405dbad0232cf59b8260d6505064b361d1871ca85db03494c402f2478f
SSDEEP

24576:qQFbx4Egi43IFPNFnFSiO0DifiQXvohVV77b:aEgiX5v3+c77b

Score

10^/10

Malware Config

Extracted

Family

agenttesla

https://api.telegram.org/bot7116470912:AAFcUeHH1656vYbBtccMjQVal4iMak99ZmA/

Targets

- Target
  
  0-13.eml
- Size
  
  831KB
- MD5
  
  6db92808a0b24eb310faf7a5aa440ce6
- SHA1
  
  e96bf9b8ef57280a02c9d06a68ea8526c19ba431
- SHA256
  
  8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1
- SHA512
  
  531524e6ea3df525119d16b97418b9a64a0d2526561b6b251a70e3b8ae24d6d28fb0b9405dbad0232cf59b8260d6505064b361d1871ca85db03494c402f2478f
- SSDEEP
  
  24576:qQFbx4Egi43IFPNFnFSiO0DifiQXvohVV77b:aEgiX5v3+c77b
Score

5^/10
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Ach_Payment_Advice01.gz
- Size
  
  612KB
- MD5
  
  adf375448796e4d3f80067a25fe89f46
- SHA1
  
  cfc575914ca0ebe94abf5d89722f6fbfaa9e1ee9
- SHA256
  
  c992f916c0381e40b3849ad77534f0bb944e4e42283793fd7ac06e245cd43cef
- SHA512
  
  e98fa14ef9a55f05bc8f48cab97397d732c12154b12caaef0d8fd0e39d8fff5b22f865eb9f9ade221ac64840011f2bbf2361042be9fbabe2c7f398dd976c3dc3
- SSDEEP
  
  12288:RJCt63Yngjh38jpvNO1ShvoOJ/gf5jb0qy3QQ5tcGgU0fOYeWiKp6cgxA:G63cihMpFutYjtPEU0m3KIcH
Score

3^/10
behavioral3 behavioral4
- Target
  
  Ach_Payment_Advice01.exe
- Size
  
  689KB
- MD5
  
  eeb0a5f2f2e765bbe937e595ddd0650a
- SHA1
  
  2a5127e5fdf921547b4ec39e964682469573e1f6
- SHA256
  
  2869686380724afd713bbefc58c9aceabd90692e27d9de7af96e748b3066d8e9
- SHA512
  
  46f36ddb5d6dc37ac4d1d0388c87971933e8f8fae7de89d54483b5a900365c786b859b9b7fbd7f721a03ac03025ce800f5ee3ebcb67aa22442d8df1853456ee8
- SSDEEP
  
  12288:c5h2Xp96Wtlc5ingN/JuXdH7O18x3UObHgf5jFuq4XQM5taSw40fgYYMiwp68kxU:c5UXfvtlc5yC/adbChYjl9c40oRwI81
Score

10^/10

agenttesla evasion execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Looks for VirtualBox Guest Additions in registry
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  email-html-1.txt
- Size
  
  946B
- MD5
  
  90c7264fde86f0c788ecea131de65e16
- SHA1
  
  bfecdfcc84b0bf0c11522032ec04ed6836385bfd
- SHA256
  
  67a8037245ca5e31a99d8a7dd453c3049385829ec8c0f79c90377f6dffbb02b1
- SHA512
  
  8725786f9e9bd865088b0af532ac6c9ba2d8c6c019c14dc22cc868c17acc6284e7165c0fb7f322682fb9d48dc19c923ad7a37f1588bfb4dc2acbfe47d81c4949
Score

1^/10
behavioral7 behavioral8