agenttesla | c6336db1bae9e731e2871db4c9d2bf369ea435369f781431d5c65ee6934e569f | Triage

Sharing

General

Target

c6336db1bae9e731e2871db4c9d2bf369ea435369f781431d5c65ee6934e569f
Size

721KB
Sample

240625-caa8pavajc
MD5

b08b50c46308b7f6bdd6b117a7bd6cbf
SHA1

560aa4d41db9a4fdae66f37b268138f859f8d59f
SHA256

c6336db1bae9e731e2871db4c9d2bf369ea435369f781431d5c65ee6934e569f
SHA512

b2ae821c2ef6c6198c17550bb55505da865f74943a60b94e1946991f322194fa34bad26f29b0a75d5464cc5adfd669d1a0737ea93f06487f0051b26a8b9045f1
SSDEEP

12288:dB3R8fL+pKqAmGfXXjd16yIb/EvLbNNEIjJMRTFFyzzCufU:d5tEq2vp1/z4IjJMpFFyy

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.voivocars.com
Port:
587
Username:
[email protected]
Password:
ettyquest11
Email To:
[email protected]

Targets

- Target
  
  c6336db1bae9e731e2871db4c9d2bf369ea435369f781431d5c65ee6934e569f
- Size
  
  721KB
- MD5
  
  b08b50c46308b7f6bdd6b117a7bd6cbf
- SHA1
  
  560aa4d41db9a4fdae66f37b268138f859f8d59f
- SHA256
  
  c6336db1bae9e731e2871db4c9d2bf369ea435369f781431d5c65ee6934e569f
- SHA512
  
  b2ae821c2ef6c6198c17550bb55505da865f74943a60b94e1946991f322194fa34bad26f29b0a75d5464cc5adfd669d1a0737ea93f06487f0051b26a8b9045f1
- SSDEEP
  
  12288:dB3R8fL+pKqAmGfXXjd16yIb/EvLbNNEIjJMRTFFyzzCufU:d5tEq2vp1/z4IjJMpFFyy
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan