agenttesla | 9ee2f3872f0b56d35c7f5183350cbc6528bcfd02e35ff1a4d20ece9aafdab45d | Triage

Sharing

General

Target

9ee2f3872f0b56d35c7f5183350cbc6528bcfd02e35ff1a4d20ece9aafdab45d
Size

22KB
Sample

240926-sdyq6awfjb
MD5

36e9c180f4a5610f4bb8261350470156
SHA1

d3a714c6df7728ebb8b6e962476ebbc1b638a1e6
SHA256

9ee2f3872f0b56d35c7f5183350cbc6528bcfd02e35ff1a4d20ece9aafdab45d
SHA512

978e8055ec013081027c6568b062730b203319feb362391c202ed92e62d5002ea8be4359ce3ef8b39173760dcccf80a0cb29e77cf3c40de3d1de19139e675b17
SSDEEP

384:c2XazDGpzRHWptwto+e6A5HuSv2NrkOkSHtXFbLg7Lu9eXlqK9bBnnj7hHUBBw76:7qzDqHKH6rtXF4G9e3xBjNowVo

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.alternatifplastik.com
Port:
21
Username:
[email protected]
Password:
Fineboy777@

Targets

- Target
  
  Teklif-u9862874-uue28736788uue.exe
- Size
  
  54KB
- MD5
  
  887454c6c1c2025d9da1d49ee4a5afac
- SHA1
  
  2bb69481d8e81181bd1fcd20ebbd75a8089318ed
- SHA256
  
  42544dd4b80c2d0a040c4167540129777a2d7a2e3780adf2b2a580a6dca6c30a
- SHA512
  
  a483c87ff0b4e29c31511cf67343b2ce9667fbac1d7cb115120bfaaa14513316a78db4459919d85ea04f5a62d0fec303237f6306b8b18b4443ef3b8695046a22
- SSDEEP
  
  768:N2osf6uFApu+Rofb0TGaJHL8Ik8Aql/FoTtVb8wqLCNMTXz0Mbd7MZvtujz1D3u:N2osCuFA3ofbOGc8CdqtGLXpMD61D+
Score

10^/10

discovery agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan