agenttesla

General

Target

8465f963efa6caad72607965a13d45407902ec2bc4648e24c92881a1e40c1e6d.exe
Size

784KB
Sample

250122-g95zkatken
MD5

e85120ae6e26e400b9e04147908c93f0
SHA1

16deafd5efffab3135f85b964a869d84dca61b45
SHA256

8465f963efa6caad72607965a13d45407902ec2bc4648e24c92881a1e40c1e6d
SHA512

7a14036c9dbc36caf62c00add3d88395256d10abee68759856a896609526acd8c185a3eef9d528b61eeac0b76335f9360388c66df52449e8d1fba373d8e4cd33
SSDEEP

12288:v6Wq4aaE6KwyF5L0Y2D1PqL0/h7xmPBBAYu9QSUVMvYGSR1VLprLwuiCpcgzR7hY:tthEVaPqLsrgYYBSUevvW13LTX17hSh/

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  8465f963efa6caad72607965a13d45407902ec2bc4648e24c92881a1e40c1e6d.exe
- Size
  
  784KB
- MD5
  
  e85120ae6e26e400b9e04147908c93f0
- SHA1
  
  16deafd5efffab3135f85b964a869d84dca61b45
- SHA256
  
  8465f963efa6caad72607965a13d45407902ec2bc4648e24c92881a1e40c1e6d
- SHA512
  
  7a14036c9dbc36caf62c00add3d88395256d10abee68759856a896609526acd8c185a3eef9d528b61eeac0b76335f9360388c66df52449e8d1fba373d8e4cd33
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqL0/h7xmPBBAYu9QSUVMvYGSR1VLprLwuiCpcgzR7hY:tthEVaPqLsrgYYBSUevvW13LTX17hSh/
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2