agenttesla | acba2aba05c54067a1837b23ede11edd44ae646f197e00285d0280681b3b2b2e | Triage

Sharing

General

Target

Orden de compra-password(Y6V1AmQz).zip
Size

1.3MB
Sample

250122-1611zsylfz
MD5

2d433124b3245738a6af87f789fd8598
SHA1

7c4b00c26810e614dc088fb23ad7dad1e65fb560
SHA256

acba2aba05c54067a1837b23ede11edd44ae646f197e00285d0280681b3b2b2e
SHA512

d1dfea0143d6008038d14555a9a3b3bc0df8623dc82ca4b7cf7d09a6898acbca07bfcbf6f941a21d0419040290c9a0e13c57ad00e279152003327b0aa1ee1a66
SSDEEP

24576:SBAgQ98DvTa8rmjBY71ZgiRe1kUidx5PgQiyUoLgbp7VTZ/QLKG/0GV:hirXp1ZhREiOluKp7VTJrY0GV

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  Orden de compra-password(Y6V1AmQz).zip
- Size
  
  1.3MB
- MD5
  
  2d433124b3245738a6af87f789fd8598
- SHA1
  
  7c4b00c26810e614dc088fb23ad7dad1e65fb560
- SHA256
  
  acba2aba05c54067a1837b23ede11edd44ae646f197e00285d0280681b3b2b2e
- SHA512
  
  d1dfea0143d6008038d14555a9a3b3bc0df8623dc82ca4b7cf7d09a6898acbca07bfcbf6f941a21d0419040290c9a0e13c57ad00e279152003327b0aa1ee1a66
- SSDEEP
  
  24576:SBAgQ98DvTa8rmjBY71ZgiRe1kUidx5PgQiyUoLgbp7VTZ/QLKG/0GV:hirXp1ZhREiOluKp7VTJrY0GV
Score

1^/10
behavioral1
- Target
  
  9d12b6e43b876a44527607a4dfdeb5f125020bbb3b674cae1886fea0812d1c5d.eml
- Size
  
  1.3MB
- MD5
  
  2eabda3041044b80921976fe95c90f50
- SHA1
  
  e687c9bcfc6fe36b370d3fb3116a6ce0ec0d09bb
- SHA256
  
  7f3e850479ef2043f217e976f5cded7a84b71de4b170f21d01473f26f9741a2e
- SHA512
  
  29268f4fcf513eff55510d3f8f589da1ae021c9edc0c47c1db4a38f6acbbf15a5e5399d5581ed931c6dad8e492b5fa233c9a45c37a9d7fc6facad1e319a31b7d
- SSDEEP
  
  24576:WlgjkYJ7MlQTpCr+cSf881rRDFdhDpEfpBZyRB9XHH2n3Pc0mDxih/:WSCaTaEfFBoYGfRR
Score

5^/10

discovery
- Drops file in System32 directory
behavioral2
- Target
  
  840a07a2.png
- Size
  
  60KB
- MD5
  
  840a07a2c80072c43b91040886b301d4
- SHA1
  
  a222667e355d8a4dfa0c7009f4d33e3016572689
- SHA256
  
  7568e6027ae2504c1aea3e202c961088df6dc946d42e3cb13f4185395d8e52b9
- SHA512
  
  ce953616e0369df731957db30d8ff12bbe83a82e5278ac0fa0f64b71adcf7d7ba7aae26f924f3741cd7144e71e7280842b520fdce22cf18413c217b203e305ca
- SSDEEP
  
  1536:EKO3DALHlgf29YZai9t8JbmlW5wKucQlE/JyZaPAq:FLHlgu9YZL986lW5wKucyEQZZq
Score

3^/10
behavioral3
- Target
  
  Nueva Orden de Compra 5424.gz
- Size
  
  876KB
- MD5
  
  beb2e5db810f2a6f3f4c0954bb204c33
- SHA1
  
  7d3b4915fbb95add8080a547438e91c2ed47adda
- SHA256
  
  eebf4e02ac5a900a8549a8b8c230a0445706ab295e49439f670bf2e3316d39bb
- SHA512
  
  2eb574baec2bd03053d061af8f4df28896a419c5ed072b4227f4a234ef943d01c25fb2a63cb998d00453116362803eda030bb73a4ddea1f5accd03e7e4b0c700
- SSDEEP
  
  24576:hOdGuU+dfrVS2TgEhBfWA9vPgK9kVCEwfIOTKD1F:hOwutdwa3DBpXkVofIN1F
Score

1^/10
behavioral4
- Target
  
  Nueva Orden de Compra 5424.exe
- Size
  
  1.3MB
- MD5
  
  70b62fe5c9f6a8bfccb0b2a4b8d45e84
- SHA1
  
  129d8ca1944bcf608fa12a032d254e7dc08c2cc7
- SHA256
  
  3c0c387ff08da55e2f2f8062bae3732ff7787a95aa8c6371482be5b9c719ef9e
- SHA512
  
  dcd7ef997cc75035340e68706094a0c118f1beccdcc5862c21a96458726b89b6fdb3f9563734630796bdd164e5f93dc0e61ccb27df27235c376c4e54ecbe6170
- SSDEEP
  
  24576:ctb20pkaCqT5TBWgNQ7aWQXC9PnTYBN9mSSsNcG6A:FVg5tQ7aWYBBBSA35
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  email-html-2.txt
- Size
  
  4KB
- MD5
  
  e1cf704bdde8d2cc3b217b58a16f4dcd
- SHA1
  
  026e542a903490e7d9a872bd9e3f8183a374fe9a
- SHA256
  
  cc3cfccfde5eaf38d8b9a3f7805b7bf2f082452e3d21a692b9958b22ba626c9a
- SHA512
  
  5ffdfdf0299a31e1ebf977b226e13f0eba8c63cbf314fc8dc3532da65937c158b71896f676614df9befca7507fa517d1cb3ac4d46c84396249afd83ef1cdc295
- SSDEEP
  
  96:m9NSD9sLRXezRXY1nSTRXuShMBtLGMxSTRXPGM/fGMHRXPGMfHezvIv8:mrSDONOVIk1bhMBFGMA1/GMnGMx/GMv6
Score

3^/10

discovery
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral6