agenttesla | 098542eccef1c9a19b87decfb6f6372ae1b41155836f90f16a876ae46256acb6 | Triage

Submit
Reports

Overview

overview

Static

static

5

Quotation ...ng.exe

windows7_x64

Quotation ...ng.exe

windows10-2004_x64

Sharing

General

Target

098542eccef1c9a19b87decfb6f6372ae1b41155836f90f16a876ae46256acb6
Size

1.0MB
Sample

220521-m9qsjadcg2
MD5

1b8bdbcb7a232d8aed8cad50812fc5a5
SHA1

f8bcdb6634748d04f6a8d859e8a7f527eb2b4fb5
SHA256

098542eccef1c9a19b87decfb6f6372ae1b41155836f90f16a876ae46256acb6
SHA512

89292d9a67ffe12afcee42a2dfe1073df4d8710c95e3d4d0fc1782a74db3d5a52eb10f6fdcdd5bd79bbdf8ac2da84b70167da1b8bcedefb54f1fe292b3f016cf

Score

10^/10

agenttesla collection keylogger spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation United Trading.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation United Trading.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.mse.com.cy/
Port:
21
Username:
bugattimse@mse.com.cy
Password:
(tKJ.wvnN~5d

Protocol: ftp
Host:
ftp://ftp.mse.com.cy/
Port:
21
Username:
bugattimse@mse.com.cy
Password:
(tKJ.wvnN~5d

Extracted

Credentials

Protocol: ftp
Host:
ftp.mse.com.cy
Port:
21
Username:
bugattimse@mse.com.cy
Password:
(tKJ.wvnN~5d

Targets

- Target
  
  Quotation United Trading.exe
- Size
  
  1.4MB
- MD5
  
  33636b2c1e2808a579560b37f93b2e56
- SHA1
  
  b1cc0777b0cdc51fd56f2e0fe290c0578e085458
- SHA256
  
  9a2467d92dd6c5e322439643e05041f151b6bf6e9c8c410f96fe6ab969ea8882
- SHA512
  
  e22a29df6381870817b3960bf97237c99965ce20aea23c25de2ee7fc9dda159ce41448e817f7ebbcba7c2c350ce5444040db5e7cc958643bb4a527d6d3338a7a
Score

10^/10

agenttesla collection keylogger spyware stealer trojan suricata
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- suricata: ET MALWARE AgentTesla Exfil via FTP
  suricata: ET MALWARE AgentTesla Exfil via FTP
  suricata
- suricata: ET MALWARE AgentTesla HTML System Info Report Exfil via FTP
  suricata: ET MALWARE AgentTesla HTML System Info Report Exfil via FTP
  suricata
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy