agenttesla | 20a2c297b8470bcaf226847b8143a848d307d43807a3dac6217b8ab69a42c46d | Triage

Sharing

General

Target

20a2c297b8470bcaf226847b8143a848d307d43807a3dac6217b8ab69a42c46d
Size

564KB
Sample

250114-bmzalsvnaj
MD5

7f86d6ee03c25ee8b414d4d5b5935d11
SHA1

a655950c90b515b8de53498aa201de7f6f7d6a3e
SHA256

20a2c297b8470bcaf226847b8143a848d307d43807a3dac6217b8ab69a42c46d
SHA512

32e3d92abe5bf037dcbba01997175756cc4ca69ef8359710f2e21556429c552e02a6026dd6d95adaef039a22f50d5454ae3cbc5e70da4fb2294afe4d0dcfb0c0
SSDEEP

12288:WubMMZEGPNNq5WwVLex7B54byNx/xfA2HOlbRKZN0ELck+55cI57eJM:1oC5PrwVL67b9/N92KZeEQX55c2

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.fosna.net
Port:
21
Username:
[email protected]
Password:
=A+N^@~c]~#I

Targets

- Target
  
  orden de compra_765645343465789675764567845768795764.exe
- Size
  
  2.4MB
- MD5
  
  038582cff59bd7c92aa1d71b8ac632c7
- SHA1
  
  ff4bfdc38ab995019c8685ea4bc63951e5f370ee
- SHA256
  
  9b688c5929cea65ae3f69a22b3780fa3f45b434fce94a9ccd39392b8dc7003b5
- SHA512
  
  6e72be1e887a305ae4636b063b9438a0c0cfe667387a235960f57b0853973a23e426508aeef9adc6891e6536a1c3bf2c41b00961f6aad32e0eb2f2b7d2f82a33
- SSDEEP
  
  49152:dbdYAm4zEbdYAm4zXbdYAm4zKbdYAm4zFbdYAm4zB3An3AI3AJ3Aa:ddrWdrrdrAdr1drlA3AaAtAa
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan