agenttesla

General

Target

24122024_1650_FAT876700900.cmd.zip
Size

576KB
Sample

241224-vb9rraskay
MD5

bbd97de1123cc8bcc74663888ff2a0b2
SHA1

714fef98bee0756da45a403ee4e5778b44ce566a
SHA256

60c7b7bdd010037b5459ec48a9ad5a2dd27f95ca8012cf1e1174975ed2fd2c61
SHA512

3d097194b86ff8ea3c949758b059001fe5949cd2acbed79df05306103dcf52160fd314dacd66d511194ae1ff3065a2f3fd9fba1cb5e9524023bcc5018156e23d
SSDEEP

12288:LZsKqvywQm6ivGs1OUqwQzZTZouDuiIY8bjyXRBUwdqFjZQJdYsM3XEox:FsemZGshq1quDbIY8nyXkYdXM3Xx

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  FAT876700900.cmd
- Size
  
  601KB
- MD5
  
  79129cf9382f91ab74a895cd2c5a0c7f
- SHA1
  
  e1590b1a5ab3212dd35732affffb68236a2ca8b2
- SHA256
  
  1e6a8f176a0d7a9bd0321b4c032153f48b244be1584137453bf1afc07ea10157
- SHA512
  
  27a07feaa25f9aef7e62292a92197ffcc33a98200b21c26227afe6d0ffb658257846257321828afd332dfe360713c45462c2c65f940331cb9a33c581111e2807
- SSDEEP
  
  12288:0YV6MorX7qzuC3QHO9FQVHPF51jgckYY8bj8LfBmQdGFjZUBdYay3X8F:zBXu9HGaVHjY8n8LeWdzy3c
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2