agenttesla

General

Target

NUEVO FORMULARIO DE PEDIDO 09-3880073016.uu
Size

519KB
Sample

240329-rttayaae5z
MD5

7620362b4836fd3ac63c8af67d962afb
SHA1

bb1da18bf0545554a61569cff1b76893cd94e7ba
SHA256

4c0bdf2a6713ad274c9dbe4f24307a87cb71abe3d9068e792bf79943ed3e61e1
SHA512

aae42a4907991db18e53cfb59870e4ad6917f3fadee50133b38084be33f4ca567cf047bcbb0e7a77e27e5fe0a11a68287e7069dab1719ee21dc1d24392ce6f7d
SSDEEP

12288:N0GDXV+3v/45FiSAG930PTzFmw5Fl5nfJaXairzZMQIb7yhdu:N0iVX5FPAawzFtlIxyb7udu

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
-GN,s*KH{VEhPmo)+f

Targets

- Target
  
  NUEVO FORMULARIO DE PEDIDO 09-3880073016.exe
- Size
  
  545KB
- MD5
  
  0190b6953075d9f2fea81a4a87923a9b
- SHA1
  
  8e87dd95f7737985e66e7457eb311308b14a852d
- SHA256
  
  32ddc65c90c3523836657a9472f615d480ea7fac2da9a7912685fe60559ecde4
- SHA512
  
  7ddea43aa1350a9c630ce22659d9f77b756fa721e9cbe2afd8c3c80ca571f779175afedae84aa0a71d6ed31f4347a03076914b37413a17bc8f78a0eb9d79800c
- SSDEEP
  
  12288:hYV6MorX7qzuC3QHO9FQVHPF51jgcrnHoOO6TrtzwChkunt6G:2BXu9HGaVH7oWTZBhR
Score

10^/10

agenttesla keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

UPX packed file

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2