agenttesla | 182b161a951229364aef6e16d358beb00f285c9f146053471ad22e714eefa719 | Triage

Sharing

General

Target

1.exe
Size

29KB
Sample

240926-kb6d8axann
MD5

a016634929c4d57cc24719723a4cd65c
SHA1

91e7492b6d3e543f185c69846bd175a626a931f5
SHA256

182b161a951229364aef6e16d358beb00f285c9f146053471ad22e714eefa719
SHA512

5f36c1ad444af94dfd4ca1d4aef188049ffdcf2a336f58cfeead5a55176e580312d3944c229ed8b66cc852f0a4c86b711603ea34ff80ebf1df6a3f84d61a695a
SSDEEP

384:ANepKdJNF1oPvlsBrrFj95okNTvsYxksSvk0HFs0ZILHwz7A8iq8ziXuF:AcQ9F1oaBj95FkYmsScKZHGJt

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.alternatifplastik.com
Port:
21
Username:
[email protected]
Password:
Fineboy777@

Targets

- Target
  
  1.exe
- Size
  
  29KB
- MD5
  
  a016634929c4d57cc24719723a4cd65c
- SHA1
  
  91e7492b6d3e543f185c69846bd175a626a931f5
- SHA256
  
  182b161a951229364aef6e16d358beb00f285c9f146053471ad22e714eefa719
- SHA512
  
  5f36c1ad444af94dfd4ca1d4aef188049ffdcf2a336f58cfeead5a55176e580312d3944c229ed8b66cc852f0a4c86b711603ea34ff80ebf1df6a3f84d61a695a
- SSDEEP
  
  384:ANepKdJNF1oPvlsBrrFj95okNTvsYxksSvk0HFs0ZILHwz7A8iq8ziXuF:AcQ9F1oaBj95FkYmsScKZHGJt
Score

10^/10

discovery agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan