agenttesla | 33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797 | Triage

Submit
Reports

Overview

overview

Static

static

3

33f7683c76...97.exe

windows7-x64

33f7683c76...97.exe

windows10-2004-x64

Sharing

General

Target

33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
Size

716KB
Sample

240630-bwcsza1gqa
MD5

251fbed59bfea87dc028bec0355660f8
SHA1

19c82620739cf35fffa335c61f810801b9296e10
SHA256

33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
SHA512

9f094a07c3698ee17ba947581e18f3b4dc054172b0e1cfee69659504e5e7cf66a6cc65b6141278108011081695f04dfcfad80f52618db12f9c0ad75ffa428a26
SSDEEP

12288:eh34uhfuk+c9uDr3r4hxmLAd0SPv56HJgMq+eHMI2QYz8i6Wwg1VFjFvk:ehzwkVUDr30hwLgQJSP1ZoxFM

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797.exe

Resource

win7-20240611-en

agenttesla execution keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797.exe

Resource

win10v2004-20240611-en

agenttesla execution keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.veerelectronics.com
Port:
587
Username:
[email protected]
Password:
diya@happy4594
Email To:
[email protected]

Targets

- Target
  
  33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
- Size
  
  716KB
- MD5
  
  251fbed59bfea87dc028bec0355660f8
- SHA1
  
  19c82620739cf35fffa335c61f810801b9296e10
- SHA256
  
  33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
- SHA512
  
  9f094a07c3698ee17ba947581e18f3b4dc054172b0e1cfee69659504e5e7cf66a6cc65b6141278108011081695f04dfcfad80f52618db12f9c0ad75ffa428a26
- SSDEEP
  
  12288:eh34uhfuk+c9uDr3r4hxmLAd0SPv56HJgMq+eHMI2QYz8i6Wwg1VFjFvk:ehzwkVUDr30hwLgQJSP1ZoxFM
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy