agenttesla | 4ff810b6c4591c0fa36f0c847f8bfcdde91c6f218b0fa123826f12ec4f542ab5 | Triage

Sharing

General

Target

4ff810b6c4591c0fa36f0c847f8bfcdde91c6f218b0fa123826f12ec4f542ab5.exe
Size

1.3MB
Sample

250121-dd7azasqc1
MD5

6a1679693ea637a2b65b965dd496d045
SHA1

282d192e2327fdcfd00ec6f217638a09e8ac3616
SHA256

4ff810b6c4591c0fa36f0c847f8bfcdde91c6f218b0fa123826f12ec4f542ab5
SHA512

10684689d7bf46b98aee82b034cbba3f3fd647e1c662fec2a2c22bdfeae40006dd83bba29502ec7beb626557edec7ef53ff34a3561b0e634721e90fe66171002
SSDEEP

24576:7yaTivn9N/a/3Z67jWOO8Fv0Ojmxi0X5aCsyIh8LyKQ5vd95S:Waa9N/aPZajbO8FcOjxK1sOLyKQFH5

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://s4.serv00.com
Port:
21
Username:
f2241_evica
Password:
Doll650@@

Targets

- Target
  
  4ff810b6c4591c0fa36f0c847f8bfcdde91c6f218b0fa123826f12ec4f542ab5.exe
- Size
  
  1.3MB
- MD5
  
  6a1679693ea637a2b65b965dd496d045
- SHA1
  
  282d192e2327fdcfd00ec6f217638a09e8ac3616
- SHA256
  
  4ff810b6c4591c0fa36f0c847f8bfcdde91c6f218b0fa123826f12ec4f542ab5
- SHA512
  
  10684689d7bf46b98aee82b034cbba3f3fd647e1c662fec2a2c22bdfeae40006dd83bba29502ec7beb626557edec7ef53ff34a3561b0e634721e90fe66171002
- SSDEEP
  
  24576:7yaTivn9N/a/3Z67jWOO8Fv0Ojmxi0X5aCsyIh8LyKQ5vd95S:Waa9N/aPZajbO8FcOjxK1sOLyKQFH5
Score

10^/10

discovery agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan