agenttesla | 57d315808c9187c617af6a7b6c06cfdb78b091fa5c2f3b716e36618a4de8851d | Triage

Sharing

General

Target

QUOTATION#2800-QUANTUM MACTOOLS.exe
Size

1.3MB
Sample

241014-ry5jrstgln
MD5

fc536cdb9b96de8329852d4ac09caf54
SHA1

1ad9e759de57b40941365efb63aca6938efe3a33
SHA256

57d315808c9187c617af6a7b6c06cfdb78b091fa5c2f3b716e36618a4de8851d
SHA512

65675df72182f3879340789ed16ef009d80bf9a9f7934706df3e031a6030add94083970038f324186be10e028e23768b4111566aaf3d97c8abb6190a7c945e95
SSDEEP

24576:WfmMv6Ckr7Mny5Q6oxlVA+ACcQGnUN35B50SmjsO1mtxNdD:W3v+7/5Q6Qa++nU7oSmsxNdD

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.ercolina-usa.com
Port:
21
Username:
[email protected]
Password:
uy,o#mZj8$lY

Targets

- Target
  
  QUOTATION#2800-QUANTUM MACTOOLS.exe
- Size
  
  1.3MB
- MD5
  
  fc536cdb9b96de8329852d4ac09caf54
- SHA1
  
  1ad9e759de57b40941365efb63aca6938efe3a33
- SHA256
  
  57d315808c9187c617af6a7b6c06cfdb78b091fa5c2f3b716e36618a4de8851d
- SHA512
  
  65675df72182f3879340789ed16ef009d80bf9a9f7934706df3e031a6030add94083970038f324186be10e028e23768b4111566aaf3d97c8abb6190a7c945e95
- SSDEEP
  
  24576:WfmMv6Ckr7Mny5Q6oxlVA+ACcQGnUN35B50SmjsO1mtxNdD:W3v+7/5Q6Qa++nU7oSmsxNdD
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan