agenttesla

General

Target

43c8170c193a7c8dac1fef61e24f31d8bd954ee7645458e092b5a0dfda03bb41
Size

528KB
Sample

241217-bedzpswpaj
MD5

658eeb4ddb2fe998c1425aa146047730
SHA1

ae7f4830c80460db3a821870b466128026ecfcf0
SHA256

43c8170c193a7c8dac1fef61e24f31d8bd954ee7645458e092b5a0dfda03bb41
SHA512

9b06de14074db56277a3137f7e9a22ca6d7dcb5e5aa8e199f3a0f7277385ee6e68d155bb316dc29ca54d678eda03578578b91d39805cc3de12b83926b3aa9d9e
SSDEEP

12288:rBstGlEkf+gxWl/1KE/Z3haHJWHTMqUi3j5/LsVcXs4eABwPCY:qtG+kfXxWl/sYZTH0M/Lac84BACY

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
-GN,s*KH{VEhPmo)+f

Targets

- Target
  
  Envío de Orden de Compra No. 66534_867542345467897867868967.exe
- Size
  
  552KB
- MD5
  
  7c2f6ad007de6e04e91b641e5b7354ce
- SHA1
  
  13c5437220f48c5ce507040e45ab7da543fb6b44
- SHA256
  
  1fb1198c951352f674ea1afa234096687a52fb562fc81e8ae7fbf531b41d44e4
- SHA512
  
  cf9bb7c0400d264615302189a85ddd27f6481ac3e9785242efb177e0af2d10bfef448a244fb832212432287c3f16353efabffe20f069545c40268198f1403caf
- SSDEEP
  
  12288:aquErHF6xC9D6DmR1J98w4oknqOOCyQfaW3pRcBXTGrH5ei:Prl6kD68JmlotQfxeXmN
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2