agenttesla

General

Target

2588-20-0x0000000000620000-0x0000000000662000-memory.dmp
Size

264KB
Sample

231210-t46p5agbcm
MD5

78649a456b4564608a726c5267c217cf
SHA1

450b9642bcd9317a32ea00cab802f2f8a21dc55d
SHA256

b539af50fb1f4a2dac1b502eae1085e2a89d32b9bea24454b1c721caf49a2185
SHA512

ebc0bdd2e43177d1c8458e7ed4288398423ca7c541dfae66646439214b2e9968f2eba5fc32a43e9506cafd212c3d3e8fb9f6519d8ba91309053840771874345d
SSDEEP

3072:OVoUEQ8wEQnvXmohpF+ojbkTToy5IuR4F+O:lUEQ8wEQnPx7FVbaM4Rs

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.siscop.com.co
Port:
21
Username:
[email protected]
Password:
+5s48Ia2&-(t

Extracted

Credentials

Protocol: ftp
Host:
ftp.siscop.com.co
Port:
21
Username:
[email protected]
Password:
+5s48Ia2&-(t

Targets

- Target
  
  2588-20-0x0000000000620000-0x0000000000662000-memory.dmp
- Size
  
  264KB
- MD5
  
  78649a456b4564608a726c5267c217cf
- SHA1
  
  450b9642bcd9317a32ea00cab802f2f8a21dc55d
- SHA256
  
  b539af50fb1f4a2dac1b502eae1085e2a89d32b9bea24454b1c721caf49a2185
- SHA512
  
  ebc0bdd2e43177d1c8458e7ed4288398423ca7c541dfae66646439214b2e9968f2eba5fc32a43e9506cafd212c3d3e8fb9f6519d8ba91309053840771874345d
- SSDEEP
  
  3072:OVoUEQ8wEQnvXmohpF+ojbkTToy5IuR4F+O:lUEQ8wEQnPx7FVbaM4Rs
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2