agenttesla | 48e44bcbd66b47d25fb19989fbade4e965273325088a5dc2ed0ca9e92c7afcd5 | Triage

Sharing

General

Target

____DEME_ONAY_KOPYASI.rar
Size

531KB
Sample

240906-qpt61azakg
MD5

a2d391424565f3c33026b1016f2cd0fe
SHA1

309e61c7afa684a560cff3c772c052c20f437f52
SHA256

48e44bcbd66b47d25fb19989fbade4e965273325088a5dc2ed0ca9e92c7afcd5
SHA512

52218bff7356ce5d634206d9106010fb1486e162faae368ec284d022c2b10fb1a631b3754b88333905ab3804a065faf53b558512ad12647292cd27439b4d2928
SSDEEP

12288:MeL1TSwYQQp8667o8LXL0ovrYawhpXjw8RQgd2AKGHZGM/ogbGV/:MoBSoQJ67o8DIk8hVsCQgd2A3GObO/

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://backup.smartape.ru
Port:
21
Username:
user894492
Password:
w6NZOdcSkH1a

Targets

- Target
  
  ÖDEME ONAY KOPYASI.exe
- Size
  
  1022KB
- MD5
  
  19ff79aad65519dc77198b00ffb6cad9
- SHA1
  
  5e07f4e98811639fc5f5acbd0fda6df52b165284
- SHA256
  
  1334ad18065c6f69df17a313954b90bf771888b785512986615ff97bd21034b8
- SHA512
  
  0941a4dd2acda91aa5b6ffa288f3888446e0601fc337cf9676f97591753b81b588d38beab4da0fb020057323592e4c7dec08e168fc6d4d1e06dbbac6cae05ebf
- SSDEEP
  
  24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaT17Hr8wM5:dh+ZkldoPK8YaT17Hr8X
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan