agenttesla | c808b60eb47ad1e8a89b548de2551f892c0d8599aea108624ea33f18fed09550 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c808b60eb47ad1e8a89b548de2551f892c0d8599aea108624ea33f18fed09550
Size

651KB
Sample

240531-ge1flagh9t
MD5

db7d61a81ffc5be4a444330e8774258e
SHA1

6414a4894f3f82ce8ef916241e60b3d18843eb84
SHA256

c808b60eb47ad1e8a89b548de2551f892c0d8599aea108624ea33f18fed09550
SHA512

04e43a3968ca1854bddb1b755a6db350a0d3c4ebe359f540767d0153c7f2751c403a06d4146ed1f6d5867a4600a50a82b3ea94f3b3c19b3aa3732b7d985df0c6
SSDEEP

12288:UohH2mlesu/svO+bpHKBRamjh17706B6ik06yTzu/Pxr1SrQjcpEW5aOocQS1:MauUvGR/17B6iNFqXxro8gqW8tcQS1

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yubacuba.online
Port:
587
Username:
[email protected]
Password:
vynKZC)6
Email To:
[email protected]

Targets

- Target
  
  Wire Transfer_50%.scr
- Size
  
  702KB
- MD5
  
  75ab15fbca47afe46edcdf780e735202
- SHA1
  
  38db8eecf27a76f90d3112adf3fc51fd5f148268
- SHA256
  
  e88baf5acfd1ae0f89bf1d218b175ae310fc114e05a9381f3a0cccb5f9baa4fa
- SHA512
  
  ef63fac25aaa6223c37114c6cd94d14906f4e4537a620ec5b56f17f0acae78b3e04b17d88defaff4b8ce9e91f20f9d64517a542ecea6ae94c22dcbef9f637d9b
- SSDEEP
  
  12288:QtUXc8hhznQlr9PR/y/BFI4z9/qEROHHYT3QxedCTbwaGPZMX7yaZrcod24kR:DhzQlr9PZE24z9CERgMgxv9kZd
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan