agenttesla | f4e871c88f121fba6db10097ded1ac51fb1064fbeac735fb8561dce56f7b9d93 | Triage

Sharing

General

Target

f4e871c88f121fba6db10097ded1ac51fb1064fbeac735fb8561dce56f7b9d93
Size

864KB
Sample

241120-bwvc1sxhrq
MD5

7c5c5d845db013daeeda690370767c41
SHA1

0d20bcfc5da737177d4b5d4e692b5eed728c6eeb
SHA256

f4e871c88f121fba6db10097ded1ac51fb1064fbeac735fb8561dce56f7b9d93
SHA512

6e855b9d89a52e952ec507a09367d925c579b8ecd671eb29d10b8a15b5e423798fab0e56536ca4acd3073a5d22eaedd77fdddf04b708f402f2f6eb952d3d9f87
SSDEEP

24576:S80o7xVEfJLKXGRFfE+rjgxU/HslXrW1q:e1JkafE+4xiarT

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
manlikeyou88
Email To:
[email protected]

Targets

- Target
  
  f4e871c88f121fba6db10097ded1ac51fb1064fbeac735fb8561dce56f7b9d93
- Size
  
  864KB
- MD5
  
  7c5c5d845db013daeeda690370767c41
- SHA1
  
  0d20bcfc5da737177d4b5d4e692b5eed728c6eeb
- SHA256
  
  f4e871c88f121fba6db10097ded1ac51fb1064fbeac735fb8561dce56f7b9d93
- SHA512
  
  6e855b9d89a52e952ec507a09367d925c579b8ecd671eb29d10b8a15b5e423798fab0e56536ca4acd3073a5d22eaedd77fdddf04b708f402f2f6eb952d3d9f87
- SSDEEP
  
  24576:S80o7xVEfJLKXGRFfE+rjgxU/HslXrW1q:e1JkafE+4xiarT
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan