agenttesla | 65fb96e41313e772693e4ef8ea0dee880afca7d2f433d51d82e58488a0285e30 | Triage

Resubmissions

18/10/2022, 12:02

221018-n7qkesgabm 10

18/10/2022, 12:00

221018-n6hhesffh2 10

18/10/2022, 11:57

221018-n44mwafhhn 10

Sharing

Copy URL Twitter E-mail

General

Target

Rechnung_0430.18.10.2022.img
Size

1.2MB
Sample

221018-n7qkesgabm
MD5

d17883f28325be6e4e4ee9d756758c1e
SHA1

925cde51929d961969453743b842aa89f476f08a
SHA256

65fb96e41313e772693e4ef8ea0dee880afca7d2f433d51d82e58488a0285e30
SHA512

707a9aa6393496d583ca21d6f02b07cb92d2f3fe943a87116d66573535330c3821412fcec23347145429b46d5d6e0254a76de35e07e480d4914c3a9e9d1f27e7
SSDEEP

192:h6ZmEShCpPhSm2Hku4Bz3JcDv64keVCoCc48wxc8:GQhePhSNHkFByL6PoCV8wn

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://clinica-aesthetica.ro/rekt.txt

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.logistor.hu
Port:
21
Username:
[email protected]
Password:
Anon0850!@#

Targets

- Target
  
  RECHNUNG.CHM
- Size
  
  14KB
- MD5
  
  08a0e04436c23bf6a782c8efafcae926
- SHA1
  
  f55793813e00860f73434420416b4842ccc99ea4
- SHA256
  
  208ae3fa8a9bf3bf933338e19e75b0b1cbc813912dbccd016ab231e35b5f6a61
- SHA512
  
  c1ae69fa4a4b83b216b3ca7f846898b37d3f65f293ec3e4a62068e9c651a2b5dd367a2a3488d6f8533722e29ab455ce1f62391719dcf4c3d4dcfc2e146905d1c
- SSDEEP
  
  192:7hCpPhSm2Hku4Bz3JcDv64keVCoCc48wxc8:7hePhSNHkFByL6PoCV8wn
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan