agenttesla

General

Target

CONTRACTUL MODIFICAT-pdf.bat.exe
Size

857KB
Sample

240522-wnlfcsbc52
MD5

6606904cf124e2e43df5401efe1aa7f5
SHA1

0700d6cb81beb6a3bb4ff4e941f4e260d7d6795f
SHA256

47c8f1af1f9f8e3a0ad8f359cb14ea08b3261efde59260d8ec5b92d4dfd90587
SHA512

abc409300b90e0db70a91ea64d8aa14458fdc153be7b228e586deaa3fbef68fb3e42d2a882d1aeaa3f25f325553affb204fed42e056f2b2ff7476050e32e2c13
SSDEEP

12288:2TdHutP4ws2ERwovFRG4zNdE1SqYfsyN1fR8MbbAi77tkmY+V5Ekikwh+:2Ti4L2uwovjGiYFqsS1xbHnY+V5Okx

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.piny.ro
Port:
21
Username:
[email protected]
Password:
playingboyz231

Targets

- Target
  
  CONTRACTUL MODIFICAT-pdf.bat.exe
- Size
  
  857KB
- MD5
  
  6606904cf124e2e43df5401efe1aa7f5
- SHA1
  
  0700d6cb81beb6a3bb4ff4e941f4e260d7d6795f
- SHA256
  
  47c8f1af1f9f8e3a0ad8f359cb14ea08b3261efde59260d8ec5b92d4dfd90587
- SHA512
  
  abc409300b90e0db70a91ea64d8aa14458fdc153be7b228e586deaa3fbef68fb3e42d2a882d1aeaa3f25f325553affb204fed42e056f2b2ff7476050e32e2c13
- SSDEEP
  
  12288:2TdHutP4ws2ERwovFRG4zNdE1SqYfsyN1fR8MbbAi77tkmY+V5Ekikwh+:2Ti4L2uwovjGiYFqsS1xbHnY+V5Okx
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Command and Scripting Interpreter: PowerShell

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2