agenttesla | 1505bff98f4ade91f9a9e5e150af27fdf6e25b29958e808f7c4e1077f2e8b2d1 | Triage

Sharing

General

Target

1505bff98f4ade91f9a9e5e150af27fdf6e25b29958e808f7c4e1077f2e8b2d1
Size

1.1MB
Sample

240905-qnfbfs1hjp
MD5

8fa636c8c48c65159db1108ec397a31f
SHA1

ca585f75b0cf74f7683c96fe4b274e2ead833d3d
SHA256

1505bff98f4ade91f9a9e5e150af27fdf6e25b29958e808f7c4e1077f2e8b2d1
SHA512

7e61a52b67115151dc64b1fecb0428d239e2e2b965ff62b37990abff13d63ec5c7be92813beec0100d720aef7f8e446452ebc358cc157c3e9725f66043ad5af1
SSDEEP

24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8a2ZJm74frVxzPq18:VTvC/MTQYxsWR7a2hfRxLq1

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://backup.smartape.ru
Port:
21
Username:
user889214
Password:
RjYKRIRkfluo

Targets

- Target
  
  1505bff98f4ade91f9a9e5e150af27fdf6e25b29958e808f7c4e1077f2e8b2d1
- Size
  
  1.1MB
- MD5
  
  8fa636c8c48c65159db1108ec397a31f
- SHA1
  
  ca585f75b0cf74f7683c96fe4b274e2ead833d3d
- SHA256
  
  1505bff98f4ade91f9a9e5e150af27fdf6e25b29958e808f7c4e1077f2e8b2d1
- SHA512
  
  7e61a52b67115151dc64b1fecb0428d239e2e2b965ff62b37990abff13d63ec5c7be92813beec0100d720aef7f8e446452ebc358cc157c3e9725f66043ad5af1
- SSDEEP
  
  24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8a2ZJm74frVxzPq18:VTvC/MTQYxsWR7a2hfRxLq1
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan