agenttesla | 2ca3194eae84f32ae144f02b4b98689eb8ae59718f764fa9c786f35428d0ce8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ca3194eae84f32ae144f02b4b98689eb8ae59718f764fa9c786f35428d0ce8d
Size

887KB
Sample

240614-cdm2na1dlc
MD5

051f0cbd317144583989075d23984679
SHA1

7f1a76c62db396c047c24c8614caf32b8d21154e
SHA256

2ca3194eae84f32ae144f02b4b98689eb8ae59718f764fa9c786f35428d0ce8d
SHA512

1c90bce4ce6cc96d6d60264848ff5cf0a5f03d7dfd172068e1e05201810a611ec2d548add3d39912310604b43e5416c660958834d128f31815cc4d63df209db6
SSDEEP

12288:KQDUJdyCK2xrOos2H7ySH13GxH2wi52lOk6JLAFjA9Sg2Sqx+tbmDjMLaAkR:fgryC5s2GSIV2wRELAYSgc+k3n

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.genitechpower.com
Port:
587
Username:
[email protected]
Password:
+wc#g7Rn%{do
Email To:
[email protected]

Targets

- Target
  
  2ca3194eae84f32ae144f02b4b98689eb8ae59718f764fa9c786f35428d0ce8d
- Size
  
  887KB
- MD5
  
  051f0cbd317144583989075d23984679
- SHA1
  
  7f1a76c62db396c047c24c8614caf32b8d21154e
- SHA256
  
  2ca3194eae84f32ae144f02b4b98689eb8ae59718f764fa9c786f35428d0ce8d
- SHA512
  
  1c90bce4ce6cc96d6d60264848ff5cf0a5f03d7dfd172068e1e05201810a611ec2d548add3d39912310604b43e5416c660958834d128f31815cc4d63df209db6
- SSDEEP
  
  12288:KQDUJdyCK2xrOos2H7ySH13GxH2wi52lOk6JLAFjA9Sg2Sqx+tbmDjMLaAkR:fgryC5s2GSIV2wRELAYSgc+k3n
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan