agenttesla

General

Target

OC 1398984.exe
Size

257KB
Sample

240809-js3h8ayanp
MD5

bdb862c5d149ab30b8843435eff1de0d
SHA1

9dfc255a56023e6eb06499baaa9a7440b766061a
SHA256

ce8a1fa1dece3f12415c68769d60da8b709d3fefb5543b8335d88b117d9db2ca
SHA512

995af0ed5d842ac56f26ba3362841317d6f8153c2bc13186c402a99194169b2afecd4ef0bd31e940121f946c00624758d4c8f98a6c30da4ceb5da67f1a80118e
SSDEEP

6144:01VtfMapUCX6Mg9gqQv3oEJEYnDQ4jYv:01ffb8Mg9sv35JEYM4G

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  OC 1398984.exe
- Size
  
  257KB
- MD5
  
  bdb862c5d149ab30b8843435eff1de0d
- SHA1
  
  9dfc255a56023e6eb06499baaa9a7440b766061a
- SHA256
  
  ce8a1fa1dece3f12415c68769d60da8b709d3fefb5543b8335d88b117d9db2ca
- SHA512
  
  995af0ed5d842ac56f26ba3362841317d6f8153c2bc13186c402a99194169b2afecd4ef0bd31e940121f946c00624758d4c8f98a6c30da4ceb5da67f1a80118e
- SSDEEP
  
  6144:01VtfMapUCX6Mg9gqQv3oEJEYnDQ4jYv:01ffb8Mg9sv35JEYM4G
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2