agenttesla | 1846bc9f43096f2257427698887dbdddd08a1742949baf3229253efcafbccfc6 | Triage

Submit
Reports

Overview

overview

Static

static

3

PO 4500005...LA.exe

windows7-x64

PO 4500005...LA.exe

windows10-2004-x64

Sharing

General

Target

1846bc9f43096f2257427698887dbdddd08a1742949baf3229253efcafbccfc6.7z
Size

591KB
Sample

240702-bf7y6s1brg
MD5

5da8efb68379590fccaf5ab65fc1f5c6
SHA1

5fa908bfdeecc5c63f3d467d384dfe0dfdb20665
SHA256

1846bc9f43096f2257427698887dbdddd08a1742949baf3229253efcafbccfc6
SHA512

375821ce185b2d57b7eb279bd4093d97ab4147c2d2d9bd3a7f1acba614457c391220100615e175590604f7d86ac5ad16b37bcef9cca8cda79af04639cc9d34b5
SSDEEP

12288:ibPpNAZlSGlsnt6Sd5Mb0OwXKSr8nAteaakkY1tc0QaTivyYtBls:OisGuTdFSSr8Atwoc0mv5G

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO 4500005168 NIKOLA.exe

Resource

win7-20231129-en

agenttesla execution keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO 4500005168 NIKOLA.exe

Resource

win10v2004-20240611-en

agenttesla execution keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
587
Username:
[email protected]
Password:
Asaprocky11
Email To:
[email protected]

Targets

- Target
  
  PO 4500005168 NIKOLA.exe
- Size
  
  640KB
- MD5
  
  6dd4f871c7d18b3f1b45a7112c21ced3
- SHA1
  
  e4f29ee54067cb1b18269e652f0b9deea63f437b
- SHA256
  
  6232ba2d8c8ca87c37818660014882d4d0536d7296e08f2c37ba1c692b901f66
- SHA512
  
  201478a2c249882aaa3c79ea633738d197b8be373648926b722775ba0bcc698a53680cdce79c30d76bc587b68a2c55839304b0abe8ccccca11778fc3cf960723
- SSDEEP
  
  12288:YAt3lRPMManKx996Fd5UtTOOXKQrdMuZeoakR+pt7aQaBnvy8K:R1RO+Gd+8QrdLZbe7a5vB
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy