agenttesla | 66326d86d9311534e5c79809a6a9c54f34f87b8c31756112a82d4cb5a8f47d4a | Triage

Sharing

General

Target

66326d86d9311534e5c79809a6a9c54f34f87b8c31756112a82d4cb5a8f47d4a
Size

659KB
Sample

250109-d16yqaypek
MD5

1bbca7177614b854900d6123fe879051
SHA1

25d7915cfc1b32ed5c1fd1020aa172ce1e1e4b8e
SHA256

66326d86d9311534e5c79809a6a9c54f34f87b8c31756112a82d4cb5a8f47d4a
SHA512

b738bb2825f2908ace8807c3e2e6f8584263aca46c12c0e5cdc05e602cad1895a8638fd4efd031b0994fb16ca6beac1a80b2ef74f282a7ff8dc150618e478b15
SSDEEP

12288:IuEbKtefdef13b0Undd/YPKponellWNwmjJDvn3HTYtTQaxUzdrFdwdIjWWyZ:/EbKtHf1L0mddJuesNxjJL3HTYbxUzdq

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.thelamalab.com
Port:
587
Username:
[email protected]
Password:
Thel@malab@20!9
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.thelamalab.com
Port:
587
Username:
[email protected]
Password:
Thel@malab@20!9

Targets

- Target
  
  New order.exe
- Size
  
  786KB
- MD5
  
  08d7fbb6862dcb82dc8cde80068db6c3
- SHA1
  
  86d0b5b41b9061d27e09571e5569e1eb62552367
- SHA256
  
  d560c0f26753eba85047f309ddc73797dc7b3c7e14d9b0328eaead50ef7c1338
- SHA512
  
  06e1e9b676af40fdc7eec3aafd6a7b057b44616c0117e09a05d9351fd3811ac0c440fc9c5b5b03d8d52fe882af47253137d3c5d7e02ddca067ca1f316f040a32
- SSDEEP
  
  24576:72T8S0ck7WVwEddb0euZ5P13lbTYDRWzHrXN9q:7E8S0cd62nu71lbc4zbLq
Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan