agenttesla | 7973da7008795191f8198de5e9303f5b1bad2007b7170e9d355016bd62bee374 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7973da7008795191f8198de5e9303f5b1bad2007b7170e9d355016bd62bee374.7z
Size

750KB
Sample

240609-ms6gnaac56
MD5

8456aa931daf82837588f84a63cf83ea
SHA1

7d5af0bd4b495e5bd01996e04ad16c3aaaa971c5
SHA256

7973da7008795191f8198de5e9303f5b1bad2007b7170e9d355016bd62bee374
SHA512

2fc9e27330f64ae4cdb6f27d0b943fd51fbe9eeff04a7855eedc160dc607da6fbb35d5e195cdaee72337ed8933317c4e47c9408cb819c1e6b253b649b19fd264
SSDEEP

12288:4ywcNDZpI3+uB5RxFTbXqXi4tdZSrKRDHSf8zu4o/AkqQdj0lLvaSYyKMj/ziCmB:JZpS+uB7TbXqX7EKDHQ83oEw4hSSYylc

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
webmaster
Email To:
[email protected]

Targets

- Target
  
  NEW ORDER.exe
- Size
  
  981KB
- MD5
  
  5f9d30eb9bef9905b589e731643c4c0e
- SHA1
  
  ecaf5e67f600b6e4016f441a79594e8fcc3a7d67
- SHA256
  
  e28f384946d7a17d59de700e40186725163b534eab150d6be5327187e7f83a28
- SHA512
  
  033bc257cb86248394815de68d698291f5786a6c53f8edd4f3a7dbaccda9d93c502d72bf7f14ca0d0aabb01a40ff12e8811564dc66442adcd5d2e7169c2f1542
- SSDEEP
  
  24576:xl6EdjC5OCuNqGZpM+CYQyb0FXa7uczQ8cgiBq0SjbYuX0J1:xl6EdjC5OlRkRYQ+0taqczQgsq0S4dJ1
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan