agenttesla | e71d36e70599a6a1feef32910c636e9b63a82e3b1c95ba1c22d8c8627daf89f0 | Triage

Sharing

General

Target

0000004025-Fwd_ PEDIDO 4500998957.eml
Size

1.1MB
Sample

240522-svg5qsfg79
MD5

a5c8f06b31d03180caa1ac71e7cab884
SHA1

9bfd7a63bd3327e1dec634ec6920c40aa746bf5a
SHA256

e71d36e70599a6a1feef32910c636e9b63a82e3b1c95ba1c22d8c8627daf89f0
SHA512

36b90bb687017a511848ad41067d20334b509eb907c7f4b34a57062bf024817de73778f84056389c09bb0057a0efd45b0a518e60755b27e2911208e1fc42bf14
SSDEEP

24576:XoE3U7xeuwxRpLAsbVszOSPdlT7b9Ta+8L7:XA9wA6WJP5Av

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.midhcodistribuciones.com
Port:
21
Username:
[email protected]
Password:
,A7}+JV4KExQ

Extracted

Credentials

Protocol: ftp
Host:
ftp.midhcodistribuciones.com
Port:
21
Username:
[email protected]
Password:
,A7}+JV4KExQ

Targets

- Target
  
  0000004025-Fwd_ PEDIDO 4500998957.eml
- Size
  
  1.1MB
- MD5
  
  a5c8f06b31d03180caa1ac71e7cab884
- SHA1
  
  9bfd7a63bd3327e1dec634ec6920c40aa746bf5a
- SHA256
  
  e71d36e70599a6a1feef32910c636e9b63a82e3b1c95ba1c22d8c8627daf89f0
- SHA512
  
  36b90bb687017a511848ad41067d20334b509eb907c7f4b34a57062bf024817de73778f84056389c09bb0057a0efd45b0a518e60755b27e2911208e1fc42bf14
- SSDEEP
  
  24576:XoE3U7xeuwxRpLAsbVszOSPdlT7b9Ta+8L7:XA9wA6WJP5Av
Score

5^/10
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  PEDIDO 4500998957.eml
- Size
  
  1.1MB
- MD5
  
  95f5102193b2eb98a06920263efc61bb
- SHA1
  
  35d0d603039e15c0a9778768654e2992d8279420
- SHA256
  
  fa060b11b5143a3ef50ea1338732487ee8b21af63663de8454fd12091221a0e5
- SHA512
  
  20ec04e0992f21091ba4d31cc463129a2047927d5a0ce6d49705e078fa38ac8830ca158c668a71f236ac6493c103aa28ab9b134e94ad7a2f1a3cfcaf80b31781
- SSDEEP
  
  24576:3oE3U7xeuwxRpLAsbVszOSPdlT7b9Ta+8L6:3A9wA6WJP5A2
Score

5^/10
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  PM910255_PRD0000416382_1.gz
- Size
  
  654KB
- MD5
  
  4341cd61188b355f1094c974c0797453
- SHA1
  
  813d1ebc8e4911a53277a8f33f9384e95b572d7e
- SHA256
  
  70618f81836249b022347e4421f300095e818bbd2cc038fa492b31ed2b625879
- SHA512
  
  10481bf16f778592f0adae495cd5d7633d51c6750256ec959255db3cfe89165f5dfc38dcfea95123741dc75d34263bd907bbfbce6abcee77834b8f122de01754
- SSDEEP
  
  12288:b/Z4CvrqK7ZfLXOhk39SMhwAuKRryTSNGbPIYhGldnth7LsQK:bRRrqKFLXxgMhwI4TWGfGlx/K
Score

3^/10
behavioral5 behavioral6
- Target
  
  PM910255_PRD0000416382_1.exe
- Size
  
  684KB
- MD5
  
  31dca7777866e958168b30a052d54d2d
- SHA1
  
  f79ad5c35e2e71eddeebaa5198c024d4cef269ba
- SHA256
  
  d8887cf7af1f39ffeb6b4639ce98e5d49c16be4818d317f6a96b126c94b3b271
- SHA512
  
  85d2d3bb37ac84f695770302e0b5447a2cb6c7c50949e6f9739c61fd9e76aadcafa1003d17a9afe436ed0e4cbf103ccad38528aa4291f9b6db4941fc0a0bd212
- SSDEEP
  
  12288:Qfi27XkJNLFnt/e47dNGh36xQODwjihjVH/M5/Sqkxbv0bkR:6hOZhTB01gQOQihh05/Sqkd1
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  email-html-1.txt
- Size
  
  181KB
- MD5
  
  4c867386d2a41e98969078960aeebe04
- SHA1
  
  17f4db1a694523b1b6d82a5588a82631034539d3
- SHA256
  
  ba8d4e9be076977284c6c53f61164c08f134d4bc73b5619b1422dfbacfc53644
- SHA512
  
  6e2faae7342280ed7e4a276ef2c3d1f6fde7b590327739adea38eaadeac5a16aa3e7e7692f0f3688fffd828452a625e88425c9803826d0eb57bfeedc2b524100
- SSDEEP
  
  3072:za7Mu4/pesiPc5ENXyxkjZf/oDM+DuFHlxzCanlRBoABEppzgwD8gsk4PrCtaE:za7BQpF5IXnf/oDyHDNlRgvsBmP
Score

1^/10
behavioral10 behavioral9
- Target
  
  email-plain-1.txt
- Size
  
  55B
- MD5
  
  d6f1fd5e47ec72981ffa9ca6afbf5937
- SHA1
  
  77cdee8287a744dd71e4560f1decc767aacfb790
- SHA256
  
  bf59186334f80d40fdcb94e6f0ce383b3a22c950868363457e33ed1bcf26fc59
- SHA512
  
  641da7aa02c5abff1090f51410921ed80605d1898457576e5fb9ef2b1ad5edc63b460ea6899deee947559fb71ddb796a1bd4960e6c983c6b4a9dbc92f9da030e
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

agentteslakeyloggerspywarestealertrojan

behavioral8

agentteslakeyloggerspywarestealertrojan

behavioral9

behavioral10

behavioral11

behavioral12