agenttesla

General

Target

01a9921402a5f16927078fb894525739afc8dd141cc78c94b0a6e6c57651cfd8
Size

403KB
Sample

231208-bk6xnsgd99
MD5

c081e925d1f5ffa3057680b76e354141
SHA1

fe2a4b9d382fffe418d34d101785ce7a787c6aa0
SHA256

01a9921402a5f16927078fb894525739afc8dd141cc78c94b0a6e6c57651cfd8
SHA512

14c554c4c2bccb5ce9299f4cbdf1bd1fd318d4e37ad77cbbf765ae04b539a896c33050c399cc0357ac74e3893a54805d5b2ceffbf5bc32ae4ecdb6b80b6ed6ae
SSDEEP

12288:D94/XlCUvQt1apQ7ERtLJ7N/vMmbCH/a9:DO5vzpvLJ7N3vCHS9

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.siscop.com.co
Port:
21
Username:
[email protected]
Password:
+5s48Ia2&-(t

Targets

- Target
  
  01a9921402a5f16927078fb894525739afc8dd141cc78c94b0a6e6c57651cfd8
- Size
  
  403KB
- MD5
  
  c081e925d1f5ffa3057680b76e354141
- SHA1
  
  fe2a4b9d382fffe418d34d101785ce7a787c6aa0
- SHA256
  
  01a9921402a5f16927078fb894525739afc8dd141cc78c94b0a6e6c57651cfd8
- SHA512
  
  14c554c4c2bccb5ce9299f4cbdf1bd1fd318d4e37ad77cbbf765ae04b539a896c33050c399cc0357ac74e3893a54805d5b2ceffbf5bc32ae4ecdb6b80b6ed6ae
- SSDEEP
  
  12288:D94/XlCUvQt1apQ7ERtLJ7N/vMmbCH/a9:DO5vzpvLJ7N3vCHS9
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2