agenttesla

General

Target

2792-61-0x0000000001D60000-0x0000000001D90000-memory.dmp
Size

192KB
Sample

230808-hxnp7acf6z
MD5

f48e34aaaa84ac6c3e3d024166976ef1
SHA1

8c7904c2e8ede99f78e8ac6d785483cc18f72a3c
SHA256

1692f1bbcae677e37e686a64c0e7ada8ee75d2f8ef3ca75b0ffb494154e683a4
SHA512

a024b9cd3d831aecb40a6738bda919b63ea3d38c85b1224d43815af016b7ce87baa028bbfb582196ec236b85db5769455a01ec3d0fbdfe829a424830505904a5
SSDEEP

3072:I1MGK0rCjtVASUppYHx6Zak92AW3XRwRmJd4IEjSRvUStxXz3LnkF32:I1MGK0rCjtVUYHowkAAXRsnEWRHXzbnk

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://gmrentacar.gr
Port:
21
Username:
[email protected]
Password:
C[*TRO{a56?G

Targets

- Target
  
  2792-61-0x0000000001D60000-0x0000000001D90000-memory.dmp
- Size
  
  192KB
- MD5
  
  f48e34aaaa84ac6c3e3d024166976ef1
- SHA1
  
  8c7904c2e8ede99f78e8ac6d785483cc18f72a3c
- SHA256
  
  1692f1bbcae677e37e686a64c0e7ada8ee75d2f8ef3ca75b0ffb494154e683a4
- SHA512
  
  a024b9cd3d831aecb40a6738bda919b63ea3d38c85b1224d43815af016b7ce87baa028bbfb582196ec236b85db5769455a01ec3d0fbdfe829a424830505904a5
- SSDEEP
  
  3072:I1MGK0rCjtVASUppYHx6Zak92AW3XRwRmJd4IEjSRvUStxXz3LnkF32:I1MGK0rCjtVUYHowkAAXRsnEWRHXzbnk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2