agenttesla

General

Target

41a62dff86937cca1a97d13d1fcedc04233e8d14feba2bd8389d5a2957b1e505
Size

527KB
Sample

241218-bks1tawlb1
MD5

d4621fa853d3403b56095778934e138a
SHA1

2b0b0df4f99e19419e061159ce83c799e15803d3
SHA256

41a62dff86937cca1a97d13d1fcedc04233e8d14feba2bd8389d5a2957b1e505
SHA512

167f3aac35dadbd4007600d57f0615e23145bf2cf6ccb85c08867f2449ce53977646ac627e7e7cf5739f41464ddb8df693b3d56d5d8893813536c3a1464e78b2
SSDEEP

12288:F2c4ex/63VrP6DsoqqX+kEJUGg9l6vcG8A7ziqj7u5Wd+hf:FoBlrPwIgplCcOfi+7Nkf

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  OC 90073767.exe
- Size
  
  552KB
- MD5
  
  8faa09f01bb31e3b8894c68ab5cdf475
- SHA1
  
  77b8b6a3e7cab083b4c05f5ab25889680a21e1b9
- SHA256
  
  73bf065eabac20e8486f86f1cc1e187b1e04adc12938e0bbb8c7b8852be0c2d8
- SHA512
  
  8e030bd798cfc6863a55554d60eae958ba5bca3fd87c05ed9603456cdf36fed5b3b443d7a06693395d92c407121e9d1243f0688a67cd97703f17d7041620f90f
- SSDEEP
  
  12288:uquErHF6xC9D6DmR1J98w4oknqOOCyQfEGj/1jPy5Rfw:jrl6kD68JmlotQf3j68
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2