agenttesla | ec8fa5630a71161929284b4831692cef4a765d9702846062d881067295796f4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Drawing and specification.zip
Size

601KB
Sample

240624-j968qswdkn
MD5

0fa6453dd77e3b05bc27085c615d64b6
SHA1

fc7d48ff8769460510a49ad61383177cdb0ab0ff
SHA256

ec8fa5630a71161929284b4831692cef4a765d9702846062d881067295796f4b
SHA512

af39f2a876018bd1bea01844302fc155e06816840d5dfdf77f7461431437b6d758118585ce33aead328c181210d4b15417976fb61524cc7c0d4cee47ebaafbbd
SSDEEP

12288:r78XAvRRKNlj64cu14jtkYZPtCoaYu1AFvRw2ZFoYz4LbMAzyJc/:roXKRRDCqtkCCoEqFe2ZFB4N0U

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.mahesh-ent.com
Port:
587
Username:
[email protected]
Password:
M@hesh3981
Email To:
[email protected]

Targets

- Target
  
  Drawing and specification.exe
- Size
  
  629KB
- MD5
  
  409d0a81698404e3cd87800136737298
- SHA1
  
  b13fb74db7228eed78fce6de266bf43555193f26
- SHA256
  
  afccbcb46f3ef4814055e5d4acbef95679cb05e80c7b57cdd49df43234cfae66
- SHA512
  
  4f3b3775cdac1fd199c0674c35b4d2ee3b13392f9aea6dc0fc321b2e9db2188eaa9f81afc4fca395d033b121a31e2a8adc41b0e269a3138b296b78e1b63979d1
- SSDEEP
  
  12288:EsYG8FAvRXKNlj6YcuN4jHkCZPtCoOYK1sFvzwqZFoYH4HbMwzyJcs:EYYKRXDiiHkkCoQyFkqZFR4j0
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan