agenttesla

General

Target

700cb31b99343cbf92ad0435892e4cbebd7ec529e2a5fd755c4d22e1172bcbfa
Size

573KB
Sample

241116-bqrd6sxalc
MD5

61248ac3e13d17b0b3ccd988b7c403df
SHA1

c707efbde9a07ae40813cb0b1d97a567c27cd371
SHA256

700cb31b99343cbf92ad0435892e4cbebd7ec529e2a5fd755c4d22e1172bcbfa
SHA512

121ee272fe030a6bc0411bceb023723fefb41823b741eaccd3c7de90c7588202866ffe292159957cdeab3ddefa72b4da539e7f71a3fab05596da37a90b3b97bf
SSDEEP

12288:izADfaSwrQrKXOsDe48pPfyfgH6YcnkI3K4VCYiEyT+Pn4LP/2k:2AD1wrQlgqHyh1Va4VCYWRLP/X

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  Compra_600000376001.exe
- Size
  
  654KB
- MD5
  
  69377a68e4e5814a9e861312a8cb18f8
- SHA1
  
  c8c1068f74a9782dba062f558afaf42b3249dbea
- SHA256
  
  2a78b0b85d04eea9ebc08b8642e9e1a673e02b3082d8b29b0af11dcf51932f62
- SHA512
  
  a70aebf69c02049a6e655e6dc34a1d0a5d42ab391356a42fe36977577f7096336c306fac8207cc45bdc295703259c7913418dfb741b92dea875c038b594ccfd1
- SSDEEP
  
  12288:ZOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitGUMbwNkYjtSGAalEaeQ3v:Zq5TfcdHj4fmbEGUMbYjtjAal5eQ/
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2