agenttesla | f5f8aa23b469c5c7a6ad1269ab7446dfc730f1b71cf4856301cfd49427cb935d | Triage

Sharing

General

Target

f5f8aa23b469c5c7a6ad1269ab7446dfc730f1b71cf4856301cfd49427cb935d
Size

757KB
Sample

241014-s3b9fssbqf
MD5

824f47860555820df3e3b77bd2984753
SHA1

68764442b914774cd1643ad60d039e026973b85f
SHA256

f5f8aa23b469c5c7a6ad1269ab7446dfc730f1b71cf4856301cfd49427cb935d
SHA512

2ecdbad2847df8b9a95343326035a401e27e6a1d408a89285d44b7a665501b27046821d556c5906ef2ee6c16793d9ac6006e3a34d105955e63a4a78ac99b3d97
SSDEEP

12288:vcnkaAvY2ur1w6TJaqSpYGn/YcnyHsqePdBa+2dg11QCQWKNh4Mth9hLOB411Zi7:o+vLur1whHYG/Y/MqePdA+/QC/aVthL8

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.usgrovemall.com
Port:
587
Username:
[email protected]
Password:
Maximzed@#$#
Email To:
[email protected]

Targets

- Target
  
  SOA-Sep.exe
- Size
  
  847KB
- MD5
  
  4140a74da75f375f2b4151931b688c3e
- SHA1
  
  1e7aa620f9e61c93357675eb9e15ee9c0a0d4fc0
- SHA256
  
  21fb09c471f291503243aeac97db0e4522c1900b8daefb22e2ac3b0a2d5e80e4
- SHA512
  
  49585fe8fe3cdd3261df07d4e1e7ccc6ed4c99dff30c8d6fc74e163a02610a1fe703a53882b5b01bd0c08275f124f8529744cde58c4bb0c8652e19597e34db70
- SSDEEP
  
  12288:CN59USHKqby/ZWQLWMvU2a6ZwF/cqwjf8xJbJ1SLfqx0NeG99wCWIqr+nCggSFOM:CxMh1LWMvxxiJbsf2GXwaqipgSPP
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan