agenttesla | a96ca760a6d6768889a0c4fe53db73ec3ada0f1397947e063065831f50898a16 | Triage

Sharing

General

Target

a96ca760a6d6768889a0c4fe53db73ec3ada0f1397947e063065831f50898a16
Size

4.6MB
Sample

250118-bmek7symev
MD5

c94a29b08c01424faa91a939fe95ad42
SHA1

6e4e5f869934876d6c2ef8d0adaf9aa9f61b4e3d
SHA256

a96ca760a6d6768889a0c4fe53db73ec3ada0f1397947e063065831f50898a16
SHA512

1dd66455579a2c73fece4adf37b7e57c550dfaa29a5a16237f8f0f983dd7fb5e746e8c9b092d87f01ec1b5c4f33198c2ee03d0a73f8d5763b8a4d010b0c1ef11
SSDEEP

98304:f4JtE+wuADc3ZgfaOOr000vzmX0h6MUc2HuRV0WtXB:fCu7DQZgNip0Eruj08R

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.transotraval.cl
Port:
21
Username:
[email protected]
Password:
vIZ2P]dt&a!d

Targets

- Target
  
  jli.dll
- Size
  
  14.9MB
- MD5
  
  e1fec253d915b28b1b26b6b639ed6c9b
- SHA1
  
  6ea45e8acfd2f935fabdb1b25ad4eb4b22626926
- SHA256
  
  b218c3a382a8039d476e9058493d4482a3458fcbe13299ba3f4dec9d7133cab1
- SHA512
  
  dd2364005c0742bb49416d9cdc973edaa87cc771b271e8dcb207ded42a58109384a1c1d41898508d229e4554c766c86b954cf09729558931d7c814da069ab415
- SSDEEP
  
  98304:VOQFdSNXPB17DaZULskCR2cEtbY4/mj78GfZuhE3x7d3:VzeXPB17DLLhCR2cEt8jAGRuhE
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ordine OF000531.exe
- Size
  
  33KB
- MD5
  
  351e2c2351d416773e2c27f0729cea64
- SHA1
  
  b4341e0440415b236f96c59888caaf006c37d6ef
- SHA256
  
  f7ee2ce039911db34567db0eda4471a5414831959f0d047e422ee7f3a5370a72
- SHA512
  
  55cf4e7d1f2840e97c96615cfda684780fa4501643817b72b51cd9b95478f0e4806230c7e53bcf2ef3e4ef0358248c26cc5476ec33ec823142576e664c619b7b
- SSDEEP
  
  384:e8fXF1QjKF5WE4C5AqxPOUkpqmAM+o/8E9VF0NycyztxPOUYXaxWvAM+o/8E9VFf:91lFc7C53MamAMxkEttMcyAMxkElGO
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan