agenttesla | e6622bdd555368ef8bf22a55947f42d1de681e5c550f54855562083360eff601 | Triage

Sharing

General

Target

c4cb7655cafcc20ca7c0a513293605ad.bin
Size

179KB
Sample

240327-epewjafd41
MD5

03544fb4a071b732bf40b4e06833d462
SHA1

55bc301134a323df2cf888073c4cfe5c04971f7f
SHA256

e6622bdd555368ef8bf22a55947f42d1de681e5c550f54855562083360eff601
SHA512

7163269bedd4d8e976d7d7d97e5a262a745ab0ecc48a4923d87273c7b96ceb93458117092c020455baa08d778715e2eaf833e3187a2396aa2af5eec808b517b0
SSDEEP

3072:vAzPrtxWmGzt7uGTR+ooAhO8S7R3yHmD6VC4OhDwrO8SZLi4wlMZNg:ozrwz1jRt4938m4frXYLi45Ng

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://80.92.205.47
Port:
21
Username:
delizzasuppl
Password:
99EK7bvTZr4zBnwW

Extracted

Credentials

Protocol: ftp
Host:
80.92.205.47
Port:
21
Username:
delizzasuppl
Password:
99EK7bvTZr4zBnwW

Targets

- Target
  
  340e702e49081960c6d318774ab212ae3885ab93fe5ad5d26cdf3c64189a7abd.exe
- Size
  
  207KB
- MD5
  
  c4cb7655cafcc20ca7c0a513293605ad
- SHA1
  
  00ac921a5b26a640d002c3c7528a6ae6c88e8900
- SHA256
  
  340e702e49081960c6d318774ab212ae3885ab93fe5ad5d26cdf3c64189a7abd
- SHA512
  
  eceb4f4c5f2c205e6ff629c81624bb32454f9b0b6e43a20c8af1b01dd402cecfe199c332a72388b8f084c7d5a6651066b1d740a1d8479d234c33849f403134d0
- SSDEEP
  
  3072:aIc6fEubNTqFxWXtN+vv2fUwFZZGt4UvERdCtOWEbnmrdR5hV6RhnZ7GmCMY7pdL:09w2WXzCw3TGzv5EDmR56Xk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan