agenttesla | 3012b1cdc6d41423e99d57dac314df023f3e993fd42ee66f09553827ff616c79 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3012b1cdc6d41423e99d57dac314df023f3e993fd42ee66f09553827ff616c79.exe
Size

690KB
Sample

240604-lml1dsch32
MD5

ecfbc6343e85f36fda76a7b66a342475
SHA1

59dd4a689d6e5fd4d07cc780a88d0b4902f369ee
SHA256

3012b1cdc6d41423e99d57dac314df023f3e993fd42ee66f09553827ff616c79
SHA512

2f635e264db29bdd871af05742e2695f65bc2fbad76e6736cccbed7495b1a9d5e81766a7fcd7844ec66898065a3f80d1130d48df3a3d27d3f99cc9baf19b4e2f
SSDEEP

12288:EHm21680skSKSIwz4lvmi3vcso51aAO/CDebcxz/2R6iouQNvyKhkfZC614IpBK:EHp1680JSNIG4lvHcso515bN/2T45hwx

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
)otE@Kl4
Email To:
[email protected]

Targets

- Target
  
  3012b1cdc6d41423e99d57dac314df023f3e993fd42ee66f09553827ff616c79.exe
- Size
  
  690KB
- MD5
  
  ecfbc6343e85f36fda76a7b66a342475
- SHA1
  
  59dd4a689d6e5fd4d07cc780a88d0b4902f369ee
- SHA256
  
  3012b1cdc6d41423e99d57dac314df023f3e993fd42ee66f09553827ff616c79
- SHA512
  
  2f635e264db29bdd871af05742e2695f65bc2fbad76e6736cccbed7495b1a9d5e81766a7fcd7844ec66898065a3f80d1130d48df3a3d27d3f99cc9baf19b4e2f
- SSDEEP
  
  12288:EHm21680skSKSIwz4lvmi3vcso51aAO/CDebcxz/2R6iouQNvyKhkfZC614IpBK:EHp1680JSNIG4lvHcso515bN/2T45hwx
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan