agenttesla

General

Target

ENTIREMESSAGE.eml
Size

755KB
Sample

240903-wyny8sthqc
MD5

7b4e5d9b135fabc649a47971dfe7e70a
SHA1

7af5d8e188e3b6bff99e9a42bffde760e5283b94
SHA256

0fb7d8bf94e91104c7207440a869295ad6ab76eed09ab7cba74be2fe66247c96
SHA512

6e1569a28fe4d49468e132a5a5fa5828db4010de96576bd0786206ab76d074b0016373cb85674a832afeb63f279adfa3b68fca861512828badb5e462c8a591d2
SSDEEP

12288:K3vVjKPE9jzPf/INO4nMQ/J3PEYaSjt7JWoKWriKNSYnfMuoPegCPOWwukkQHcC5:K3NjZJKnFdaSjtVW5W2KpfMu3W1uE8pa

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://backup.smartape.ru
Port:
21
Username:
user894492
Password:
w6NZOdcSkH1a

Targets

- Target
  
  Ödeme Onay Kopyası.exe
- Size
  
  1.0MB
- MD5
  
  102f24e21c6ebef365ac013322df92be
- SHA1
  
  1f2ae631345ea1b6ca6570eb3bf3300e40a3d1d9
- SHA256
  
  fa55c7177a87dfc91f227846c8e52fd5f7a073a32e818b5c7f9680784f7c15e2
- SHA512
  
  d9573a1c4d7ca08b5775003284febe2830ce744a4e10d1ca1ec5d350c4b12334a2803fa1bf6adcb6007b4eea176b59df7b932d537bceed347b6e470bdc6b69cd
- SSDEEP
  
  24576:cAHnh+eWsN3skA4RV1Hom2KXMmHarjvnaIRvf8dP5:7h+ZkldoPK8Yarjvbm
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2