agenttesla

General

Target

1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe
Size

238KB
Sample

240311-v66ctahf3v
MD5

232be6f79d5197ab3a7378bbababcc06
SHA1

1c2523b16c3e35c230bee71ddf8f251c91a663c2
SHA256

31b5427b86d6f1e9b200d17ebdadeb84e2e58bbb5046b4dba9c5050c0f47ace6
SHA512

38f66b6096969cba611dfa7dc8740c9a1e173192cd57dbbfc53a51a9cd43ac37feba3f500ca73ff7e815fc5183478d093b220da0c617eff6498a8ca39b70c6bf
SSDEEP

3072:evi8wEgsvHLVLWIrnAU/HW6T2Kt6DL5A9g9icVY:Ui8wEgsvHLVLW4nAU/pt6Dgg9

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
Q-1HmWsBJgRe

Extracted

Credentials

Protocol: ftp
Host:
ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
Q-1HmWsBJgRe

Targets

- Target
  
  1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe
- Size
  
  238KB
- MD5
  
  232be6f79d5197ab3a7378bbababcc06
- SHA1
  
  1c2523b16c3e35c230bee71ddf8f251c91a663c2
- SHA256
  
  31b5427b86d6f1e9b200d17ebdadeb84e2e58bbb5046b4dba9c5050c0f47ace6
- SHA512
  
  38f66b6096969cba611dfa7dc8740c9a1e173192cd57dbbfc53a51a9cd43ac37feba3f500ca73ff7e815fc5183478d093b220da0c617eff6498a8ca39b70c6bf
- SSDEEP
  
  3072:evi8wEgsvHLVLWIrnAU/HW6T2Kt6DL5A9g9icVY:Ui8wEgsvHLVLW4nAU/pt6Dgg9
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2