agenttesla

General

Target

896e58f363f548a9f83bfa1f502f1b985c10d6f7e1355a9b6952b7dece36c0f3
Size

549KB
Sample

241122-bfx4za1lcy
MD5

6cb5adad49da49c904fcb3eb24057381
SHA1

6b1e4ffc2aa94395d77b53ff52f5736d8592b25b
SHA256

896e58f363f548a9f83bfa1f502f1b985c10d6f7e1355a9b6952b7dece36c0f3
SHA512

c7fe41c322acb3f445c465b257dcf104bd6c9552c6bd34a390df1019e5936e430f41bdafb9a0147d9deef292713dcbc2df3730b7d4782f86924bde8a3b503ee5
SSDEEP

12288:f079sYVGL9LrI979yI1it4xdZszhoar9jPX4aoVFk/+emw:u9sYMdrE79yyuw2oa9mfkWy

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  OC DDLP__ 241119L2.exe
- Size
  
  633KB
- MD5
  
  dab54091cf97a80110322dd3811d0216
- SHA1
  
  4c1d2655af7becbf69562fb70435b202699a259f
- SHA256
  
  9184270c4570753191b6820560106d8c7dfdaed6e083ab4f5dfe1d0af71ac8bc
- SHA512
  
  dc77cc35d7f84f95e2cc6af4230b1c25c6006570e6a12d349beb14cfee75f0f03f5af295cba8093850bcebe7409fbb6d6081f4354e0a4abfda9aff8257608741
- SSDEEP
  
  12288:BOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitMMMMMMMMMMMMMMMMMMMMMMMMMMM0:Bq5TfcdHj4fmbaMMMMMMMMMMMMMMMMMw
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2