agenttesla | 2ac8714136358ff073e0b077555d8339fc5757f7d736806a28b39156290ef7cd | Triage

Sharing

General

Target

04092024030803092024demeOnayKopyas.rar
Size

549KB
Sample

240904-gjh24svgkl
MD5

31dc3735eb642994d7e7ddeb0a454480
SHA1

ce59d9fb688e4213dc4d9cea0c5be2222b89fc2c
SHA256

2ac8714136358ff073e0b077555d8339fc5757f7d736806a28b39156290ef7cd
SHA512

7e0c19a59d5ad0b41053a459c121268d3d90e8974a0ff02108d7cfc68c4e6bc1a5e70c8d594fa2c317919a2477a74b394746e40cfc3ee69e328d5f91aeb4d766
SSDEEP

12288:xKvb53+e/yTUA1J5BHddX3REBTTzRngPsRmnDgOR6L7:C1+IWUA1Hd3qTTzRnQsR2cOAf

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://backup.smartape.ru
Port:
21
Username:
user894492
Password:
w6NZOdcSkH1a

Targets

- Target
  
  Ödeme Onay Kopyası.exe
- Size
  
  1.0MB
- MD5
  
  102f24e21c6ebef365ac013322df92be
- SHA1
  
  1f2ae631345ea1b6ca6570eb3bf3300e40a3d1d9
- SHA256
  
  fa55c7177a87dfc91f227846c8e52fd5f7a073a32e818b5c7f9680784f7c15e2
- SHA512
  
  d9573a1c4d7ca08b5775003284febe2830ce744a4e10d1ca1ec5d350c4b12334a2803fa1bf6adcb6007b4eea176b59df7b932d537bceed347b6e470bdc6b69cd
- SSDEEP
  
  24576:cAHnh+eWsN3skA4RV1Hom2KXMmHarjvnaIRvf8dP5:7h+ZkldoPK8Yarjvbm
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan