agenttesla

General

Target

7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737.exe
Size

698KB
Sample

240524-nvl2gafg67
MD5

1936f9e785d92a881fc7ed6a82817954
SHA1

b4e306b0a6229745c7cb37a928dc08f59df61769
SHA256

7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737
SHA512

793c982bdf1277f9ce68d30f9e4383530e47d2a9e024af2208be78d754901c4f158189417c4cdd25dac0efbe9bffd1e4d06b8f8d06a9e396e30a830555a768c5
SSDEEP

12288:aajAXYMjhvPie/rByY7777777777777vAxBWfDtrn6cJHvafzKx9gp+nmnXlN3+X:aajAXYMFniyy+AxUfZ6oifzIgomnXlNP

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.afsolutions.gr
Port:
587
Username:
[email protected]
Password:
Vhtd31!5
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.afsolutions.gr
Port:
587
Username:
[email protected]
Password:
Vhtd31!5

Targets

- Target
  
  7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737.exe
- Size
  
  698KB
- MD5
  
  1936f9e785d92a881fc7ed6a82817954
- SHA1
  
  b4e306b0a6229745c7cb37a928dc08f59df61769
- SHA256
  
  7492f02aa1b14cf0841d24258ee474eee5e37f4bffc2d2ee7913676e8e6f0737
- SHA512
  
  793c982bdf1277f9ce68d30f9e4383530e47d2a9e024af2208be78d754901c4f158189417c4cdd25dac0efbe9bffd1e4d06b8f8d06a9e396e30a830555a768c5
- SSDEEP
  
  12288:aajAXYMjhvPie/rByY7777777777777vAxBWfDtrn6cJHvafzKx9gp+nmnXlN3+X:aajAXYMFniyy+AxUfZ6oifzIgomnXlNP
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2