agenttesla | a2f855a7ea95aaefe612806001db58f149906ff4fea40a25f82f75b089a3436e | Triage

Sharing

General

Target

0b87c44a55bc24c1a96e1797c939bb10.bin
Size

720KB
Sample

241213-bc51eatkhs
MD5

941f166a4b6b3f5824d59a5eda3ba2d5
SHA1

2363c78d15036278323651a1b58a7caa519ad70f
SHA256

a2f855a7ea95aaefe612806001db58f149906ff4fea40a25f82f75b089a3436e
SHA512

5ffdc9f238b7d1874fb06bb61a550e4d4e14959ba836bc0c7c539bc1b9ff49b5b46981131c194524c89459db100b67b45dc2b3f34ab02c91bb42632dba4a1645
SSDEEP

12288:jbvl1qWyWLPSilxowmnpEhjlf3MYHvBIu2c+R6mkz1UU1vFNzr0Dp/KqU6RjDau:jbt1qWrPLUp0f3HpIuJAGv1dNyRK3u

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
manlikeyou88
Email To:
[email protected]

Targets

- Target
  
  bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36.exe
- Size
  
  820KB
- MD5
  
  0b87c44a55bc24c1a96e1797c939bb10
- SHA1
  
  af91b2b662f7a1827fba6bf5158178dd8cebcbd7
- SHA256
  
  bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36
- SHA512
  
  e5938abe43807c803726c20a21c4c970e03f3caca72b370288b428aaa8a553b3f219039386819eb9df662ed4b02a8a11a12ef2e3e6d5cba1a5e413d14fc8948f
- SSDEEP
  
  12288:EoMKhM39TXsTAiM6kVRl+64Oh0dRnlRq1SXx0JmHT2p45kM61iBoVm:tMacicY5dReoXx00HqskM6cBt
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan