agenttesla | bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36 | Triage

Sharing

General

Target

bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36.exe
Size

820KB
Sample

241212-c6c26axpev
MD5

0b87c44a55bc24c1a96e1797c939bb10
SHA1

af91b2b662f7a1827fba6bf5158178dd8cebcbd7
SHA256

bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36
SHA512

e5938abe43807c803726c20a21c4c970e03f3caca72b370288b428aaa8a553b3f219039386819eb9df662ed4b02a8a11a12ef2e3e6d5cba1a5e413d14fc8948f
SSDEEP

12288:EoMKhM39TXsTAiM6kVRl+64Oh0dRnlRq1SXx0JmHT2p45kM61iBoVm:tMacicY5dReoXx00HqskM6cBt

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
manlikeyou88
Email To:
[email protected]

Targets

- Target
  
  bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36.exe
- Size
  
  820KB
- MD5
  
  0b87c44a55bc24c1a96e1797c939bb10
- SHA1
  
  af91b2b662f7a1827fba6bf5158178dd8cebcbd7
- SHA256
  
  bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36
- SHA512
  
  e5938abe43807c803726c20a21c4c970e03f3caca72b370288b428aaa8a553b3f219039386819eb9df662ed4b02a8a11a12ef2e3e6d5cba1a5e413d14fc8948f
- SSDEEP
  
  12288:EoMKhM39TXsTAiM6kVRl+64Oh0dRnlRq1SXx0JmHT2p45kM61iBoVm:tMacicY5dReoXx00HqskM6cBt
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan