agenttesla | 0b70fa9f14fa3bd0593c24b555e9214d957cb08520876f545f820786126be736 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d54b88bf2b6bcd1126ef4eb20d9e9f9.bin
Size

12KB
Sample

230510-bpna5afe9s
MD5

f49b716dcdd85fdf2f65ea55e6023a73
SHA1

b4dcfc361e962500f30b574d1f753dd3a4e4fe16
SHA256

0b70fa9f14fa3bd0593c24b555e9214d957cb08520876f545f820786126be736
SHA512

6a2ce785e2f0aec9478699a7502901b3801ceb470718ddc7a791702565f932c8e419c48304fe8f99366bd116611a26c8e523caf5d1f757a11ad418b6501a8116
SSDEEP

384:EWYW8xyMoXz2dxY2cKWoqIYRjXznt3G1mIHD:EW98sJ8xY2cKF4R7zt3o

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://172.174.176.153/dll/new_rump_vb.net.txt

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.ocp.mx
Port:
21
Username:
[email protected]
Password:
lasco4000

Targets

- Target
  
  d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15.vbs
- Size
  
  92KB
- MD5
  
  3d54b88bf2b6bcd1126ef4eb20d9e9f9
- SHA1
  
  1fe4483c54fa7da0ea4ee769a36d8717da12e0d1
- SHA256
  
  d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15
- SHA512
  
  c5285a0b26d35bcfa60bf291ac924e09a6dd413ee93d4b0babfc71ce9dd34f3507bed4c7d8f704797f315d0125bd1a7eeda50ca855f1c3a16e090f2c67d960e6
- SSDEEP
  
  768:mnHGdUBDCKtfYjE3Luo4+eaWZxidnOk9p0YFPk9Wai2Y:OHGd+CKtfSo4+sxidnOk9p0YFNai2Y
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan