agenttesla | 4eda9c4ddbb844b6bbb7e989d73e21dfbbecafb0e2bd8db20a5e728ffe5214c6 | Triage

Sharing

General

Target

4eda9c4ddbb844b6bbb7e989d73e21dfbbecafb0e2bd8db20a5e728ffe5214c6
Size

13KB
Sample

240425-btdmgscg98
MD5

f2a5b03dda4c84da81a606065f518050
SHA1

a68e7c52a043d6ec0e32b9bcb6d9fa8b4970b286
SHA256

4eda9c4ddbb844b6bbb7e989d73e21dfbbecafb0e2bd8db20a5e728ffe5214c6
SHA512

f31917183f65d5268bbf79827f5e8c6baa33b4d87c4849ef999f7e1eb729820feb5ff5ee8f0f51cd777bc73abdf17b36deef355eae24e8247d0265c81a5bed92
SSDEEP

384:2YVl2ZLbVKg5q5gdhyctyd+mccG/iG3H5xwH+yOR2JVpPgR7VNzbaLMCQnM:CVNUmdhfyg/cG6G3H5xPFkVKZGT

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.horeca-bucuresti.ro
Port:
21
Username:
[email protected]
Password:
H*TE9iL;x61m

Targets

- Target
  
  4eda9c4ddbb844b6bbb7e989d73e21dfbbecafb0e2bd8db20a5e728ffe5214c6
- Size
  
  13KB
- MD5
  
  f2a5b03dda4c84da81a606065f518050
- SHA1
  
  a68e7c52a043d6ec0e32b9bcb6d9fa8b4970b286
- SHA256
  
  4eda9c4ddbb844b6bbb7e989d73e21dfbbecafb0e2bd8db20a5e728ffe5214c6
- SHA512
  
  f31917183f65d5268bbf79827f5e8c6baa33b4d87c4849ef999f7e1eb729820feb5ff5ee8f0f51cd777bc73abdf17b36deef355eae24e8247d0265c81a5bed92
- SSDEEP
  
  384:2YVl2ZLbVKg5q5gdhyctyd+mccG/iG3H5xwH+yOR2JVpPgR7VNzbaLMCQnM:CVNUmdhfyg/cG6G3H5xPFkVKZGT
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan