agenttesla

General

Target

0bc0c7be0017435ceb7863d7d9095d331888d35ac8ddd2bda28759c0bd5f999d
Size

898KB
Sample

250122-bmewza1mfp
MD5

08f25cceddf8510f655e759be0b8bbee
SHA1

c79d6040698bc3919ef001f0b1ce538756af2ca6
SHA256

0bc0c7be0017435ceb7863d7d9095d331888d35ac8ddd2bda28759c0bd5f999d
SHA512

399d9e453ce38c539b2e10fcb18e7ff59999d69501f3890fbfdac9d1b05ed53341026a7731eb270bc018225d89a720ab3db4ba3a37c31bdca4762ef4537012e9
SSDEEP

24576:P+2YmffbG7/FncuXUAGlyR+109QsnMlK/:P+2BfG/FncuXbh60aA/

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  cotizaci¨®n..exe
- Size
  
  986KB
- MD5
  
  f7af46b232962456384de6b5a1868f35
- SHA1
  
  8501bf6a4b6c1ee9b17b9b2f4d0f0fae556fdd3e
- SHA256
  
  e205d1b67d10af4bd5fe635494f160be0a0446430ee042abe78d1cd4e153dcdf
- SHA512
  
  152fb098f3287cb8e0ad583d10d36f324086bb7a02865bb8395e8feeb8a970a225623015683d4faedb0bb1d55ad325849b503b4f18da015781a1df3b28be10b5
- SSDEEP
  
  12288:dOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPilQWbAts3FT6dsbJtA3RsE1gBkqhhW:dq5TfcdHj4fmboh5FbuBwt4clGC1Fr4
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2