agenttesla | be4b7116fa1243c9ad977381f3301854cca00273f968881bdf87c8e6777dca32 | Triage

Sharing

General

Target

r20240913TRANSFERENCIA.vbs
Size

96KB
Sample

241002-dkbsmstfpr
MD5

6189a9d977994601ef954a1a146e8d8d
SHA1

93c638448ad65e7b005fa7c4527786e5462b05f2
SHA256

be4b7116fa1243c9ad977381f3301854cca00273f968881bdf87c8e6777dca32
SHA512

21d6b94be5fdb9e65b77e22de584cbad6ec3cd751f28dc478bee1d74c686538d5ef7038d8293d3d704547df871bead4cfe4a14ee52bac59124b685040b82326d
SSDEEP

3072:7LoqFwl872xHXYxo12gEzZPQxMQuh7q+UUdwnu3:Y0wq72NMokdzZaDuhe+UAl

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
marcellinus360
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
marcellinus360

Targets

- Target
  
  r20240913TRANSFERENCIA.vbs
- Size
  
  96KB
- MD5
  
  6189a9d977994601ef954a1a146e8d8d
- SHA1
  
  93c638448ad65e7b005fa7c4527786e5462b05f2
- SHA256
  
  be4b7116fa1243c9ad977381f3301854cca00273f968881bdf87c8e6777dca32
- SHA512
  
  21d6b94be5fdb9e65b77e22de584cbad6ec3cd751f28dc478bee1d74c686538d5ef7038d8293d3d704547df871bead4cfe4a14ee52bac59124b685040b82326d
- SSDEEP
  
  3072:7LoqFwl872xHXYxo12gEzZPQxMQuh7q+UUdwnu3:Y0wq72NMokdzZaDuhe+UAl
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan