agenttesla | 72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9 | Triage

Sharing

General

Target

72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9
Size

872KB
Sample

240625-cs245ayfrk
MD5

278bfeb8f64cfcc51cccff93488e291a
SHA1

325411b1d8332d4f7caeafbb010860bd65a97c0e
SHA256

72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9
SHA512

6d460ea4e539a074c844b01b89647a85c646413b4fb386510874627001310a9a51d1c20969db094d28156086ba4927308d9c3c250e9e5869879f9854b6abf93e
SSDEEP

24576:mCTipRko9TNTGuugxbFcEyJFAGV1YLj+TOQDL:mCwkoFN/xdy/ALv+NL

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
Asaprocky11
Email To:
[email protected]

Targets

- Target
  
  72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9
- Size
  
  872KB
- MD5
  
  278bfeb8f64cfcc51cccff93488e291a
- SHA1
  
  325411b1d8332d4f7caeafbb010860bd65a97c0e
- SHA256
  
  72e8d2bb7af726863d95979d91fca5bdc122ea16ec68945781f65a8ff4cad3c9
- SHA512
  
  6d460ea4e539a074c844b01b89647a85c646413b4fb386510874627001310a9a51d1c20969db094d28156086ba4927308d9c3c250e9e5869879f9854b6abf93e
- SSDEEP
  
  24576:mCTipRko9TNTGuugxbFcEyJFAGV1YLj+TOQDL:mCwkoFN/xdy/ALv+NL
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan