agenttesla | 34f35e25f5e85ea07cc9cb7bf05e2131ecbbec0d545b47e3cad55f040c1adcfe | Triage

Sharing

General

Target

PdF-Payroll_Employee_1Contract_Amendment_June_2024.txz.exe
Size

657KB
Sample

240607-qg3s6shf83
MD5

5ab225f53b7717173dd4eb0809f75c35
SHA1

65532a12609b7b4aab609fedbef3a7d91452f2f1
SHA256

34f35e25f5e85ea07cc9cb7bf05e2131ecbbec0d545b47e3cad55f040c1adcfe
SHA512

6c19c0e7b856df0312d6c15b07006b31e85429a51a716ae12b42e5ece3d785d09322924dcbf5d249978055705074ca8c231baf4d438d3fdd225e9f2523a761ad
SSDEEP

12288:fzBk+OUyCECBPCB95M1dURaRnFLVSuKWDLo+wLia3Qqq0tygJWV9lr3s2Wp:f931nZhCT5MQREFFDlwP3Jq0ggG3sn

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cemfa.com
Port:
587
Username:
[email protected]
Password:
mohamed@cemfa
Email To:
[email protected]

Targets

- Target
  
  PdF-Employee Payroll Contract Amendment June 2024.exe
- Size
  
  679KB
- MD5
  
  6f26c53438d1a4b138554599e3f196be
- SHA1
  
  77f09f81a4109a5c1948013176f4756635821755
- SHA256
  
  6bd4b1ca02bedf3c4d3fc74483a1c362cfc8830ed62b47333b344b43868850eb
- SHA512
  
  561abea082ceb7029bb2f0cd78c0efd241061c835bdb9f9d23d0af8c6911b7232bc0fa54960a6b33314c4d1505b18e2e3aeeb8b34190a08a0678e09446cb4986
- SSDEEP
  
  12288:O9E2iNStcYR0WNBpy0dZSDxDo45KVRsTgLasg+6KLSLH9nSEv+TmlXrVpnj2EAPf:O9E1McGhNvy71c4OsEE+6zLhS1w3U
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan