agenttesla | 5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d | Triage

Sharing

General

Target

5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d
Size

6.1MB
Sample

250112-3j6dasxmbp
MD5

199074fd23539586477ab00ffd8f14ce
SHA1

4639274fb88f62f0457ada22683042c71b093041
SHA256

5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d
SHA512

ce7a5ab9187ffe1a8cd1ca81e3ad0cd1c3b67ac3c65559913f38aac525e6f31cf0f6ef06028d37eee4cfcf95afa740913bab67869dd0fba77abb16959135b8fe
SSDEEP

98304:lXWuQPJs7JCz7tlEJlGF3138zULCbjDjcpGez7DAfgZYtu/8jyvruxU8ebuO4PDZ:lTswV+W4L5fzH+tu/8CruxjO+DZ

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.transotraval.cl
Port:
21
Username:
[email protected]
Password:
vIZ2P]dt&a!d

Targets

- Target
  
  Potwierdzenie zlecenia platniczego-61.exe
- Size
  
  24KB
- MD5
  
  3a93ac3a8a3ddd272bd32fa96c265c21
- SHA1
  
  e131802d124904fdfbbd34dabd931089cddcaa19
- SHA256
  
  767b9f92278f53a314164c7af2a5ef37a633509799d069cfb425b449407a57b5
- SHA512
  
  e3aeaa974a270fb3f7958ce1fd9a533ed602f4a62b88fce1398ad01b756560eaf6a1d2821f238bf00393ba3c27f7cfc3b7648e92fed20e9d365bf020eebade51
- SSDEEP
  
  768:+dSqyekhFEG+5rGKxnVbgvqxN5rh9K/Y/h:kSqhG+5yKxnKvKN5rDK/i
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  jli.dll
- Size
  
  20.7MB
- MD5
  
  b9b3a15f35fae32dd6c6c55a00bde812
- SHA1
  
  c1efa9e2ece1aab588a0825757fbf1001ec074ee
- SHA256
  
  20a55c2d24a4869c79eda8c371662e1113fcdb6477e13aaa5d9b2f159cf4a76d
- SHA512
  
  60722001f654b9b0fcbfd8906880655c31892ad3fb52cf31421f51d2400e045f82985c02330fb0dd554498b0f694af18a7db1967e6556a8838e866d2ba70a0ac
- SSDEEP
  
  196608:uoy63z7jaCWYV0Tp/P5+BtcgfYqtV9K38GAhZsZWp0YEO:HJTV0Tp/R+BtcggqtV7AZWiO
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan