agenttesla | 9b688c5929cea65ae3f69a22b3780fa3f45b434fce94a9ccd39392b8dc7003b5 | Triage

Sharing

General

Target

9b688c5929cea65ae3f69a22b3780fa3f45b434fce94a9ccd39392b8dc7003b5.exe
Size

2.4MB
Sample

250114-djj3mavmcy
MD5

038582cff59bd7c92aa1d71b8ac632c7
SHA1

ff4bfdc38ab995019c8685ea4bc63951e5f370ee
SHA256

9b688c5929cea65ae3f69a22b3780fa3f45b434fce94a9ccd39392b8dc7003b5
SHA512

6e72be1e887a305ae4636b063b9438a0c0cfe667387a235960f57b0853973a23e426508aeef9adc6891e6536a1c3bf2c41b00961f6aad32e0eb2f2b7d2f82a33
SSDEEP

49152:dbdYAm4zEbdYAm4zXbdYAm4zKbdYAm4zFbdYAm4zB3An3AI3AJ3Aa:ddrWdrrdrAdr1drlA3AaAtAa

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.fosna.net
Port:
21
Username:
[email protected]
Password:
=A+N^@~c]~#I

Targets

- Target
  
  9b688c5929cea65ae3f69a22b3780fa3f45b434fce94a9ccd39392b8dc7003b5.exe
- Size
  
  2.4MB
- MD5
  
  038582cff59bd7c92aa1d71b8ac632c7
- SHA1
  
  ff4bfdc38ab995019c8685ea4bc63951e5f370ee
- SHA256
  
  9b688c5929cea65ae3f69a22b3780fa3f45b434fce94a9ccd39392b8dc7003b5
- SHA512
  
  6e72be1e887a305ae4636b063b9438a0c0cfe667387a235960f57b0853973a23e426508aeef9adc6891e6536a1c3bf2c41b00961f6aad32e0eb2f2b7d2f82a33
- SSDEEP
  
  49152:dbdYAm4zEbdYAm4zXbdYAm4zKbdYAm4zFbdYAm4zB3An3AI3AJ3Aa:ddrWdrrdrAdr1drlA3AaAtAa
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan