agenttesla | 6be42d7e8ab6309248ec11a362abd79226faedf4f7b9a110094f303a166b2d93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Order of CTS-SFCS-104.exe
Size

852KB
Sample

240623-284qbs1bpj
MD5

b60527779e09f5f02b4404fd051cb0c1
SHA1

8a7e9287ad714c6b29954e553faf52113f9f6d98
SHA256

6be42d7e8ab6309248ec11a362abd79226faedf4f7b9a110094f303a166b2d93
SHA512

8b95a40cd40b53f36455d9e05f7341b943daa8b8a5a7aeaee4479474570d98b5bde5feb0815f8898fe9f6dce945cd864a801cd1c0bcea27bf85f3dd88648c72c
SSDEEP

24576:TfTixkCRnIbQXc7nFne+ZDE43g47deneQDN:TfGkqIbQXyDNEy5UN

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mahesh-ent.com
Port:
587
Username:
[email protected]
Password:
M@hesh3981
Email To:
[email protected]

Targets

- Target
  
  Order of CTS-SFCS-104.exe
- Size
  
  852KB
- MD5
  
  b60527779e09f5f02b4404fd051cb0c1
- SHA1
  
  8a7e9287ad714c6b29954e553faf52113f9f6d98
- SHA256
  
  6be42d7e8ab6309248ec11a362abd79226faedf4f7b9a110094f303a166b2d93
- SHA512
  
  8b95a40cd40b53f36455d9e05f7341b943daa8b8a5a7aeaee4479474570d98b5bde5feb0815f8898fe9f6dce945cd864a801cd1c0bcea27bf85f3dd88648c72c
- SSDEEP
  
  24576:TfTixkCRnIbQXc7nFne+ZDE43g47deneQDN:TfGkqIbQXyDNEy5UN
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan