agenttesla

General

Target

19092024010917092024hesaphareketi.7z
Size

581KB
Sample

240919-hlznbawbkb
MD5

00fc1891736e9519658a9a5c6157be49
SHA1

7d9d52d6c43125ad121ebd018094730fc976372c
SHA256

f02c1480ea91f001a150cf0ee8de91b5d017013f298a2b85656d11fcd2b30751
SHA512

1af9c58a397fb4636ad35f60a032a0d877b3dfe094a4914a59aa2139b264b71ee94e3154f03311db00b08cd56684372919237d943f2c31524073093e664a23bc
SSDEEP

12288:vO4rvVEgMq8qBh7k3eDSRGUO8bUTK7DjzuBLDmg1Gxv1EZ+QE:5rvxx8qPH8AWf4sv1+Q

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
ab+LNvim5PAo

Extracted

Credentials

Protocol: ftp
Host:
ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
ab+LNvim5PAo

Targets

- Target
  
  hesaphareketi-.exe
- Size
  
  2.3MB
- MD5
  
  ac4a055b326c3cc696d5a716af016f0b
- SHA1
  
  8ad58e88d9c2611928aa0460dbcfe850b1f3a6ef
- SHA256
  
  b29d97da8d548a2b32d4b29ee923f0cd81861c025c355bf87caba17cd97b8e95
- SHA512
  
  2e5da6299549bdbff52fcaf82663b09e5616a3d287213f8d13c6d10077a071c5d5a92118887f4fba89aa13aba4bede6523527a5ba8a17905a8e734dc0988280b
- SSDEEP
  
  12288:deyEgM4kqujoE3sDWcpTOD9UhL7EjzutLDRgSGsRhTZjo/:dekTkq8LDKZ4+jRhNjo/
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2