agenttesla | 018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e | Triage

Submit
Reports

Overview

overview

Static

static

3

018b23732b...1e.exe

windows7-x64

018b23732b...1e.exe

windows10-2004-x64

Sharing

General

Target

018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
Size

603KB
Sample

240701-bc6lya1ejd
MD5

1b4cc3ed2613c27827d248b79870366b
SHA1

19ef093465e9b5d579730f36c742f86ab01e75c6
SHA256

018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
SHA512

497e5d2f11dff5148b084e3c3f6becf9370ff67540c210c6b20d4172d52c54a98361e5af21b7c23902bfc71f4985a439f5c9170d72e0fa5f7f502f47567725cc
SSDEEP

12288:q7D2+pR/soP9MsujwkZHX1Xx6+qwOkXN896U4yvZS:rCdPGjDlXxhpDdWTM

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e.exe

Resource

win7-20240611-en

agenttesla execution keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e.exe

Resource

win10v2004-20240508-en

agenttesla execution keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
Asaprocky11
Email To:
[email protected]

Targets

- Target
  
  018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
- Size
  
  603KB
- MD5
  
  1b4cc3ed2613c27827d248b79870366b
- SHA1
  
  19ef093465e9b5d579730f36c742f86ab01e75c6
- SHA256
  
  018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
- SHA512
  
  497e5d2f11dff5148b084e3c3f6becf9370ff67540c210c6b20d4172d52c54a98361e5af21b7c23902bfc71f4985a439f5c9170d72e0fa5f7f502f47567725cc
- SSDEEP
  
  12288:q7D2+pR/soP9MsujwkZHX1Xx6+qwOkXN896U4yvZS:rCdPGjDlXxhpDdWTM
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy