agenttesla | 10f6d70d363d93fce85e92f2ea94a36eda4c755606581cd101652afaa97a91fc | Triage

Sharing

General

Target

10f6d70d363d93fce85e92f2ea94a36eda4c755606581cd101652afaa97a91fc.exe
Size

631KB
Sample

241122-cjwwraxrhp
MD5

8b627084e10ad9b77436a4c3d8ea5ebb
SHA1

7db5ee2ab5fdc91fa29a521f7f9779684f9e4abd
SHA256

10f6d70d363d93fce85e92f2ea94a36eda4c755606581cd101652afaa97a91fc
SHA512

45ccb2de3d572d2244f4676322834ddf8bf003ff7e4955bf5510ff082aa42cd1b519c6b9ee43dbad5eef6af96c6b5c6e8121e5ce0779aa4f1834bd1bbb57035f
SSDEEP

12288:f5AgFd918tPwTfYq1ZtoMxf5Cs814Aq/EamrnJuiu01x/pC9:hAg6wEMZtoMSs8DeEamlxxC

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
graceofgod@amen
Email To:
[email protected]

Targets

- Target
  
  10f6d70d363d93fce85e92f2ea94a36eda4c755606581cd101652afaa97a91fc.exe
- Size
  
  631KB
- MD5
  
  8b627084e10ad9b77436a4c3d8ea5ebb
- SHA1
  
  7db5ee2ab5fdc91fa29a521f7f9779684f9e4abd
- SHA256
  
  10f6d70d363d93fce85e92f2ea94a36eda4c755606581cd101652afaa97a91fc
- SHA512
  
  45ccb2de3d572d2244f4676322834ddf8bf003ff7e4955bf5510ff082aa42cd1b519c6b9ee43dbad5eef6af96c6b5c6e8121e5ce0779aa4f1834bd1bbb57035f
- SSDEEP
  
  12288:f5AgFd918tPwTfYq1ZtoMxf5Cs814Aq/EamrnJuiu01x/pC9:hAg6wEMZtoMSs8DeEamlxxC
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan