agenttesla

General

Target

04102024_1446_02102024_HGI887Y6T009AK.doc.lz
Size

787KB
Sample

241004-r5legazdmk
MD5

2654ff35b3331c6dc936c81ba2f68413
SHA1

22266814712decec4c4125562ba0e22236038a47
SHA256

c43ca75d4422c4c10b084571a15e6532ee6b82acb59f7c19ca0ec4b6bb6830a9
SHA512

7e4e10848e2ed21809d77503658d390bc02654be4fa6c2916e9b48c2b89b30dee0b78511414337090c3ecc24ab9c08e0bafd4d0397b411fe404c906bdd406c78
SSDEEP

12288:Fu6eZn2vfrgAp9wMoR4e3ZRkNoZDJbmMOgyvqxJeNEru+U0pkd4jCGcJKJwUq:kLGv+4eDUMOgyS7eerrpw4jChkwUq

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  HGI887Y6T009AK.exe
- Size
  
  955KB
- MD5
  
  203c7be32fe375c5a88117eba27b2c50
- SHA1
  
  23472df937e02358ebdf1894680532a2e83d137b
- SHA256
  
  5d5dc213adb7029219ec59393b864e2767e555bec4af95b380c947374d537833
- SHA512
  
  0666b3e29d2eff24a5a4ce80631e2ce99d52badd54efe55e818ea56ccad023046ac82ca9e4acf94ab1128b21772fc8eb143cb073a424614f3959990f65c08ad8
- SSDEEP
  
  24576:TD0tM85tbNJjldeYiYsRYSvoGOWyynee37hWaHaxkw04:TD0tM85DJjl/iFpnHLht4
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2