agenttesla | b9f032ba0b9d120fbac9cfd187cf353c1361ffc915ee1d38bc79e85b4de22f0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9f032ba0b9d120fbac9cfd187cf353c1361ffc915ee1d38bc79e85b4de22f0f
Size

608KB
Sample

240626-btxelawdpa
MD5

66ffbf4bdb95d539d247db4e0136ae4d
SHA1

f8fa1f111b739dd9957a635cf02a1556add635af
SHA256

b9f032ba0b9d120fbac9cfd187cf353c1361ffc915ee1d38bc79e85b4de22f0f
SHA512

7958d8b10f42a38e31dee90d52e2bae0081d89c77a6ec5f7dd5d4c688feab58290fef9fe97e2aba1db157d2323f34a4e80731dade9207c65b43b3fdec9c9bdb9
SSDEEP

12288:02s/9y62UDzv6KFIb0P2VK7myfpwSopn8u6vrV69a2+FUem4Mr9:YhvmbM5KCpwJpFGpO3+FxE

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
UTjMgxC7qqqqG5651@@
Email To:
[email protected]

Targets

- Target
  
  b9f032ba0b9d120fbac9cfd187cf353c1361ffc915ee1d38bc79e85b4de22f0f
- Size
  
  608KB
- MD5
  
  66ffbf4bdb95d539d247db4e0136ae4d
- SHA1
  
  f8fa1f111b739dd9957a635cf02a1556add635af
- SHA256
  
  b9f032ba0b9d120fbac9cfd187cf353c1361ffc915ee1d38bc79e85b4de22f0f
- SHA512
  
  7958d8b10f42a38e31dee90d52e2bae0081d89c77a6ec5f7dd5d4c688feab58290fef9fe97e2aba1db157d2323f34a4e80731dade9207c65b43b3fdec9c9bdb9
- SSDEEP
  
  12288:02s/9y62UDzv6KFIb0P2VK7myfpwSopn8u6vrV69a2+FUem4Mr9:YhvmbM5KCpwJpFGpO3+FxE
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan