agenttesla

General

Target

97a8bf73809611ee4048adc2714685bd29bba3e677f5589b1053e30e0d98cf53.exe
Size

590KB
Sample

250110-r6hpzazlgn
MD5

b12b444b2a02c69499aed36944384160
SHA1

69c880815225de5db3927af16727020cc9d563d5
SHA256

97a8bf73809611ee4048adc2714685bd29bba3e677f5589b1053e30e0d98cf53
SHA512

82731330e96bfbe9d151e70a9263e1e9444b2f9447d17fa33281177ac752724dc25fa58f7b64c05a4ffeae372d2009457b6778ad4a90deaac3f7d92ccc6a07cb
SSDEEP

12288:2quErHF6xC9D6DmR1J98w4oknqOOCyQfc8KeXMV7d/AhbUnWfW:7rl6kD68JmlotQfjXcV7B0bUWe

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  97a8bf73809611ee4048adc2714685bd29bba3e677f5589b1053e30e0d98cf53.exe
- Size
  
  590KB
- MD5
  
  b12b444b2a02c69499aed36944384160
- SHA1
  
  69c880815225de5db3927af16727020cc9d563d5
- SHA256
  
  97a8bf73809611ee4048adc2714685bd29bba3e677f5589b1053e30e0d98cf53
- SHA512
  
  82731330e96bfbe9d151e70a9263e1e9444b2f9447d17fa33281177ac752724dc25fa58f7b64c05a4ffeae372d2009457b6778ad4a90deaac3f7d92ccc6a07cb
- SSDEEP
  
  12288:2quErHF6xC9D6DmR1J98w4oknqOOCyQfc8KeXMV7d/AhbUnWfW:7rl6kD68JmlotQfjXcV7B0bUWe
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2