agenttesla

General

Target

787fad37efb7d8a1da898dc229a32211a3de0145815b7f0c46a7d5f74046fa35.exe
Size

1.1MB
Sample

240906-jgw73avbnc
MD5

3242a80119a64eb4ea1a9eec5ead5698
SHA1

6ddeb3583354723e32e0ba4e5abc7e6be412f5a8
SHA256

787fad37efb7d8a1da898dc229a32211a3de0145815b7f0c46a7d5f74046fa35
SHA512

5355151ae9ed3780beb7daeb97359946f9fde35b6f2f23a78407a184c6bd23f9846608fd594e371376320c6da3b86052dba5e53e29a714ffa816b2f88303b9b3
SSDEEP

24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8a1x1Ylf18iwn7095L:GTvC/MTQYxsWR7a1gj8iwY

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  787fad37efb7d8a1da898dc229a32211a3de0145815b7f0c46a7d5f74046fa35.exe
- Size
  
  1.1MB
- MD5
  
  3242a80119a64eb4ea1a9eec5ead5698
- SHA1
  
  6ddeb3583354723e32e0ba4e5abc7e6be412f5a8
- SHA256
  
  787fad37efb7d8a1da898dc229a32211a3de0145815b7f0c46a7d5f74046fa35
- SHA512
  
  5355151ae9ed3780beb7daeb97359946f9fde35b6f2f23a78407a184c6bd23f9846608fd594e371376320c6da3b86052dba5e53e29a714ffa816b2f88303b9b3
- SSDEEP
  
  24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8a1x1Ylf18iwn7095L:GTvC/MTQYxsWR7a1gj8iwY
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2