agenttesla | dbcf1ee89f2f1772a4254bc84308b186e2b4279c363b7063e801215e339c373a | Triage

Sharing

General

Target

dbcf1ee89f2f1772a4254bc84308b186e2b4279c363b7063e801215e339c373a
Size

1.4MB
Sample

240606-cwg85aff89
MD5

cb5775e2c93925fa0af65ef16f54da08
SHA1

e4f785f45a6bf81996278872eca195fd4ce81ce2
SHA256

dbcf1ee89f2f1772a4254bc84308b186e2b4279c363b7063e801215e339c373a
SHA512

46facc22dbda6e3e43323f1cdfdc3980cdbf786e005c63b73e4d72be3f904cea924d03d3b2113b045b7218a66c6d2abfa42a71586b6992a9c1bf3ff437684c80
SSDEEP

24576:Z6OZli7Eeyq5BpQj+RQIOlYjJfph1i1q:Z6XEe7kj+RQIO4Lh1P

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
shared167.accountservergroup.com
Port:
587
Username:
[email protected]
Password:
Stanley @123#

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
shared167.accountservergroup.com
Port:
587
Username:
[email protected]
Password:
Stanley @123#
Email To:
[email protected]

Targets

- Target
  
  INQUIRY FOR TI ORDER IN HAND.exe
- Size
  
  914KB
- MD5
  
  be162a79f5b63797e12633d22e2be636
- SHA1
  
  45013c639574e42626d90695397556af763d6320
- SHA256
  
  cd99bbc0a0e633dc0aeefd6d10248559f9fd295b77b05989834f75364596c968
- SHA512
  
  89c777b2f267d0cb2c242e5e4a32099a6fbb0e5ac7437a2f918ce4a2ab74b7196012cb6e31039087d80498d425b802ff1e9c22953c53362d3894bccea891db58
- SSDEEP
  
  24576:q6OZli7Eeyq5BpQj+RQIOlYjJfph1i1q:q6XEe7kj+RQIO4Lh1P
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan