agenttesla | 2a2d5c88b75c24a8ee267fcab7668a6e1f27138e54b98e05454903f90d426f7f | Triage

Sharing

General

Target

comprobante de pago.uu
Size

734KB
Sample

241217-s4lvaaslhx
MD5

e0cec6f1b9fcfe139961936290ed5dfe
SHA1

e654dda6580fa450b7e1f04f7e029b49ed99087e
SHA256

2a2d5c88b75c24a8ee267fcab7668a6e1f27138e54b98e05454903f90d426f7f
SHA512

d1b4b5692428e9e602b8a03899f9a0c64d1bc9065e5d156b94b522b57122e9c6e35c0f8e0104129fc86af981b8917435c48919f393bdeb36cffb890c987573c1
SSDEEP

12288:y7+4h1i5IVjUysSHkNVE3RYHkF0fbkUQm91R49Vb8JSQSeCK8J64YhYqp1kiFIGm:32vVjNsSHIiyHGnUj1OfAobTKAuhzp1g

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.horeca-bucuresti.ro
Port:
21
Username:
[email protected]
Password:
e)rWKbKP8~mO

Targets

- Target
  
  comprobante de pago.exe
- Size
  
  2.4MB
- MD5
  
  2be05e23b58f0391fa6ff8f4fd3e4cf2
- SHA1
  
  6016c4770545b024784d39359aa1476b468ff127
- SHA256
  
  d41dac29dbd4d480221a0598ef8a784fcc856f2cca2dae9c8dd38adc01d7ebb8
- SHA512
  
  6753dbc9b858ccbc08c402b21da4b3d43785097f5cfd8e02cb894c4d55735e34e907403737b5a7d183c5fe94bc6a034613cf434c582408ab3ebb22c1067a42de
- SSDEEP
  
  49152:w3ASbdYAm4zEbdYAm4zWbdYAm4z23Ag3AWbdYAm4zSbdYAm4zO3AKBGmhesZjzQ:iA4drWdr0drkASA0dr4dr8AVHsBzQ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan