agenttesla | d41dac29dbd4d480221a0598ef8a784fcc856f2cca2dae9c8dd38adc01d7ebb8 | Triage

Sharing

General

Target

d41dac29dbd4d480221a0598ef8a784fcc856f2cca2dae9c8dd38adc01d7ebb8.exe
Size

2.4MB
Sample

250111-f17w5aylhp
MD5

2be05e23b58f0391fa6ff8f4fd3e4cf2
SHA1

6016c4770545b024784d39359aa1476b468ff127
SHA256

d41dac29dbd4d480221a0598ef8a784fcc856f2cca2dae9c8dd38adc01d7ebb8
SHA512

6753dbc9b858ccbc08c402b21da4b3d43785097f5cfd8e02cb894c4d55735e34e907403737b5a7d183c5fe94bc6a034613cf434c582408ab3ebb22c1067a42de
SSDEEP

49152:w3ASbdYAm4zEbdYAm4zWbdYAm4z23Ag3AWbdYAm4zSbdYAm4zO3AKBGmhesZjzQ:iA4drWdr0drkASA0dr4dr8AVHsBzQ

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.horeca-bucuresti.ro
Port:
21
Username:
[email protected]
Password:
e)rWKbKP8~mO

Targets

- Target
  
  d41dac29dbd4d480221a0598ef8a784fcc856f2cca2dae9c8dd38adc01d7ebb8.exe
- Size
  
  2.4MB
- MD5
  
  2be05e23b58f0391fa6ff8f4fd3e4cf2
- SHA1
  
  6016c4770545b024784d39359aa1476b468ff127
- SHA256
  
  d41dac29dbd4d480221a0598ef8a784fcc856f2cca2dae9c8dd38adc01d7ebb8
- SHA512
  
  6753dbc9b858ccbc08c402b21da4b3d43785097f5cfd8e02cb894c4d55735e34e907403737b5a7d183c5fe94bc6a034613cf434c582408ab3ebb22c1067a42de
- SSDEEP
  
  49152:w3ASbdYAm4zEbdYAm4zWbdYAm4z23Ag3AWbdYAm4zSbdYAm4zO3AKBGmhesZjzQ:iA4drWdr0drkASA0dr4dr8AVHsBzQ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan