agenttesla | 64b63793d096661c6c406b8944c179baac0ac3481941ed233132b1e69c8afec3 | Triage

Sharing

General

Target

DEKONT-13-02-2024-98766789098765456789876567898765678.exe
Size

116KB
Sample

240213-q2el3sbc71
MD5

27e7d59134beb9db7c5da7f1f2e2832a
SHA1

bc6a8acc550632a6c888abb6225ed1bb06b51ffe
SHA256

64b63793d096661c6c406b8944c179baac0ac3481941ed233132b1e69c8afec3
SHA512

4c83e230d851999c801a5467c603aae3beb1a48dbc17885ad48f7e325673a1621aec91ae842822604a9195106d11c7b6a87fc700be07d136191b0b3ad1994962
SSDEEP

3072:XxMJAgFqBpFGsIvH8PP7GmCMY7pdk29rTIXAJ:XBbwBHLzTqAJ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
Kingdom12345@

Extracted

Credentials

Protocol: ftp
Host:
ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
Kingdom12345@

Targets

- Target
  
  DEKONT-13-02-2024-98766789098765456789876567898765678.exe
- Size
  
  116KB
- MD5
  
  27e7d59134beb9db7c5da7f1f2e2832a
- SHA1
  
  bc6a8acc550632a6c888abb6225ed1bb06b51ffe
- SHA256
  
  64b63793d096661c6c406b8944c179baac0ac3481941ed233132b1e69c8afec3
- SHA512
  
  4c83e230d851999c801a5467c603aae3beb1a48dbc17885ad48f7e325673a1621aec91ae842822604a9195106d11c7b6a87fc700be07d136191b0b3ad1994962
- SSDEEP
  
  3072:XxMJAgFqBpFGsIvH8PP7GmCMY7pdk29rTIXAJ:XBbwBHLzTqAJ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan