agenttesla | 4f14cf8ce74ce7f9e43fe51c5f7a11ede77ecb064a35fb42703dc9a88e57bd26 | Triage

Sharing

General

Target

7bec838451244d1f299c09707ea2bdd0.bat
Size

690KB
Sample

240522-jnddjagg8z
MD5

7bec838451244d1f299c09707ea2bdd0
SHA1

e8cef05a08b44f916dfe33e05a96cfac9d9e7c41
SHA256

4f14cf8ce74ce7f9e43fe51c5f7a11ede77ecb064a35fb42703dc9a88e57bd26
SHA512

9dcda3d21320e4a962f3dc2ee588d9623de379e241010fd0a08b3ff20b92cc1ff0c118b354395d4539db262c31bfa8ef1d05ca5f29b4e73eeceafc8ca19e78e1
SSDEEP

12288:QuoS1Rnqm/L+t9c+ngaet8jMGYFAT8YXtLNPJfzoTe136:HT1Rqm/kfyGlNFJ7+

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.dachangshelving.id
Port:
21
Username:
[email protected]
Password:
boygirl123456

Targets

- Target
  
  7bec838451244d1f299c09707ea2bdd0.bat
- Size
  
  690KB
- MD5
  
  7bec838451244d1f299c09707ea2bdd0
- SHA1
  
  e8cef05a08b44f916dfe33e05a96cfac9d9e7c41
- SHA256
  
  4f14cf8ce74ce7f9e43fe51c5f7a11ede77ecb064a35fb42703dc9a88e57bd26
- SHA512
  
  9dcda3d21320e4a962f3dc2ee588d9623de379e241010fd0a08b3ff20b92cc1ff0c118b354395d4539db262c31bfa8ef1d05ca5f29b4e73eeceafc8ca19e78e1
- SSDEEP
  
  12288:QuoS1Rnqm/L+t9c+ngaet8jMGYFAT8YXtLNPJfzoTe136:HT1Rqm/kfyGlNFJ7+
Score

10^/10

execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Opskyllede.Bat
- Size
  
  298KB
- MD5
  
  e4e92e70049d292cb8f3713bfb7a7e6f
- SHA1
  
  34dfca4470ae249ec10d123f91c42e826fcbba5e
- SHA256
  
  bd59428225201e0783ab07e51f9099e198f3fdcf19c96fd27b533fa7a12ff849
- SHA512
  
  53be5508ec695d64005f82e1fb1d00a56f6935de39d070271c08ea83aa89493d523b946a8cee24078ec51dc78a7b374ef31b9281c512c05b6e88942dd88bceef
- SSDEEP
  
  6144:IGfg2FfW5y7koz484Xj9cEnTZGO2N7Qjha823kH4:Y2FuyD884T6EnTAO2N7Qlb4
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral3

behavioral4