agenttesla

General

Target

2b763f35a0ffca2cc6df3371c6d2080385f57c0a57551bf84e6d2ab008f5f89a
Size

581KB
Sample

241119-b12mwstmaq
MD5

9826c58519b0bcfa3af834ad6b7d6c7e
SHA1

7a3f388b048583d785bba7704fa553b668dc06d9
SHA256

2b763f35a0ffca2cc6df3371c6d2080385f57c0a57551bf84e6d2ab008f5f89a
SHA512

4e779d83c4b4c1ce1515475344b464b6a089c68ca0159994eddeb93e073f924732e62832b5ceba04a50b732021e5d296d023e63b593f1219f443ded2e28c2063
SSDEEP

12288:7OBY26eKdb1RHfBbb4nDspAclHNmPucPBKajlhfsWSRSX:vegdqiBlHI/PBKajHfBx

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  GH87656090.exe
- Size
  
  669KB
- MD5
  
  9cca43022d5f3af15147cf720b6c8e33
- SHA1
  
  73e8cc1cc7142e14b6ddf11ac93cbdcf6beb6982
- SHA256
  
  93063bffa5bb0454c847653d9c59992fcd01be270abf07620b718e3860bcff13
- SHA512
  
  760adeda9048eccf96cb2ba41fc19a991d87b9835c6348fd6dab0cf0d2c1d0975fe533cf0d60b474d96c7a5e1b065cad45a8e6306247c1f75690aa59c58ea98e
- SSDEEP
  
  12288:jOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPis/n+HJsPAcP/oajlhfC6wRgX:jq5TfcdHj4fmb5/n+HGZP/oajTfVR
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2