agenttesla | 6db7eb8417d857e5ec233780642a849807a4e1ad7ab6f60e43d45ce0018e75bf | Triage

Sharing

General

Target

6db7eb8417d857e5ec233780642a849807a4e1ad7ab6f60e43d45ce0018e75bf
Size

6.2MB
Sample

250110-bqsx1axjaw
MD5

df8db7498d66ae3d86ddf5384b33aa31
SHA1

1ed661673fd64c8394243a706893109afc1fe2e9
SHA256

6db7eb8417d857e5ec233780642a849807a4e1ad7ab6f60e43d45ce0018e75bf
SHA512

44c40e93048a7b54972d65d29b0de3a2166ef8224d56a5069a0819b01371a2dd7b0917de8b4b93d44d95992818f4e709f24014c99db2ff609686ebdbc0fdbdbc
SSDEEP

196608:4sTbYMORs/04EWeRuNETq7+9lD60R9fAz5kElVjqwSS:43A3en6AZ/bfJCjtSS

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.transotraval.cl
Port:
21
Username:
[email protected]
Password:
vIZ2P]dt&a!d

Targets

- Target
  
  Ordine n°24-00980.exe
- Size
  
  332KB
- MD5
  
  62ddad05e64d4a2786077d2d52b72ea3
- SHA1
  
  30eb88a8981d599733ca1fbdb2becab92f17faee
- SHA256
  
  85fbcf8690e0b19c8f21249ad0fe659cb98970c78fc66d86db77e31053ea4ab4
- SHA512
  
  d145d6d5fa8a5cf7b93c11517fa0ba0943002e2a1c5bda5106156b25ff72d95f71fbc7e51184aa7a3d337659ae92ef8e31195f800abe24f0e2e5d6f55c758144
- SSDEEP
  
  3072:RalFC0+WljDJR0YR4F4dYk4zD6DhC9L38bgwN8iynO8VLPZlFCcuM82ADvlBmncW:RaLC0+WJDreX6DhC9L3li8O8t31XcBTQ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  vsdebugeng.dll
- Size
  
  20.9MB
- MD5
  
  60d1e11094c90e2b61303bae9160168f
- SHA1
  
  9cf1010a9f8182d32b2f0d218676e3c6ac878dee
- SHA256
  
  24aa1271d64fa8895002e63442ede07b06acbc83781fc91a399bb159f22c7318
- SHA512
  
  43d69a2a4b7827f59d9a0778bf28344c880d9825244d0e011ae722eb019b914ac6705fa3b87d4fdca8c741147e82c3d93b409ec1dc94a8a2878f6cc9d285f82b
- SSDEEP
  
  196608:0RULr8lp6kocdcbf8hvH6wUpiJqtC34BjQKjkt0aPLb0tsR7hbQQ:Y6edcbf89H6wUpiJatjO0aPLb0q7hX
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan