agenttesla | 2a28690f30aacafe7ca48d2cbff27b082aaaee624df3ad7825dcfdc15a96c589 | Triage

Sharing

General

Target

2a28690f30aacafe7ca48d2cbff27b082aaaee624df3ad7825dcfdc15a96c589
Size

5KB
Sample

241018-bfcs2azdql
MD5

12ffcc184336f536356793394caebaf2
SHA1

ed44f4d7a786cbda094af3f5b30d8882e51b7b20
SHA256

2a28690f30aacafe7ca48d2cbff27b082aaaee624df3ad7825dcfdc15a96c589
SHA512

eb5aca31fd3ae9fbd406a509b46dc1a6eb64371df75960b31c923265ac7b6e7fa8a2e3d8851080817a00dd2111186881d1bdfb53833a02b3e51e88f4dd4edaf6
SSDEEP

96:oU51wGMc6FmskJsfCw1BTVJhEpt5FPXv9glImmn0HEb/T99Soq:oUkGB+OWaUBThmftv98ImBEX7zq

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.alternatifplastik.com
Port:
21
Username:
[email protected]
Password:
Fineboy777@

Targets

- Target
  
  WG Quotation 11157061 DE-TR.exe
- Size
  
  9KB
- MD5
  
  b82bdb9a9392c7049529723dcb93a75b
- SHA1
  
  e225b293e8007f73c0c83ea1d22825aec528c653
- SHA256
  
  2a1356b0d400e27c01c8cfe8db4c3bc5d225d4ac75fc445e154f373c406779a2
- SHA512
  
  0bf6403cee7b300ded290df47dad44b81a1225adfc4f0417efb8efadac133bc251c5380fd98e287bfc3415e0bddcede2033378f9cf39b4f0a7590556a0d1fbbc
- SSDEEP
  
  192:1c0IFiXp2vJwfFblxm0pzcIWr30I4HJKLKR/bkI/wC:1c0IFiwvGornqKedT/w
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan