agenttesla | c6d141da71aa3e59bdc98cce5ecd8d0ac6a302f0b3d99dd193b0cc5bffadde5c | Triage

Sharing

General

Target

Mensajes en cuarentena.zip
Size

2.9MB
Sample

250122-ms56wstjfl
MD5

309cb4f22669c879dad592dc497caf85
SHA1

b98384e59e1b704087a457d10f6c8ccfde2d2552
SHA256

c6d141da71aa3e59bdc98cce5ecd8d0ac6a302f0b3d99dd193b0cc5bffadde5c
SHA512

0fa4b4464e47650ceb2d7be312375dc6efa86a191e2207215c7af0a6252502cd105eda1bb000d3f236240a637df72632a891ee65a0ed2b599d91f492898351f0
SSDEEP

49152:RTh7aSaMSrJByZPdnI13NKx0my1nTU3ICI74CxsS8nm/Tg1sN3XfQQoP:RTpaPMSrJBoP5e3NbjThPsb+WIq

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  AWB GUÍA AÉREA 5526456806 OBSERVACIÓN MODELO DE ITEMS.exe
- Size
  
  1.3MB
- MD5
  
  70b62fe5c9f6a8bfccb0b2a4b8d45e84
- SHA1
  
  129d8ca1944bcf608fa12a032d254e7dc08c2cc7
- SHA256
  
  3c0c387ff08da55e2f2f8062bae3732ff7787a95aa8c6371482be5b9c719ef9e
- SHA512
  
  dcd7ef997cc75035340e68706094a0c118f1beccdcc5862c21a96458726b89b6fdb3f9563734630796bdd164e5f93dc0e61ccb27df27235c376c4e54ecbe6170
- SSDEEP
  
  24576:ctb20pkaCqT5TBWgNQ7aWQXC9PnTYBN9mSSsNcG6A:FVg5tQ7aWYBBBSA35
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  GUÍA AÉREA 5526456806 OBSERVACIÓN MODELO DE ITEMS.exe
- Size
  
  1.3MB
- MD5
  
  70b62fe5c9f6a8bfccb0b2a4b8d45e84
- SHA1
  
  129d8ca1944bcf608fa12a032d254e7dc08c2cc7
- SHA256
  
  3c0c387ff08da55e2f2f8062bae3732ff7787a95aa8c6371482be5b9c719ef9e
- SHA512
  
  dcd7ef997cc75035340e68706094a0c118f1beccdcc5862c21a96458726b89b6fdb3f9563734630796bdd164e5f93dc0e61ccb27df27235c376c4e54ecbe6170
- SSDEEP
  
  24576:ctb20pkaCqT5TBWgNQ7aWQXC9PnTYBN9mSSsNcG6A:FVg5tQ7aWYBBBSA35
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  GUÍA AÉREA 5526456806.lzh
- Size
  
  666KB
- MD5
  
  10645dfbad205e839fe7e929b2d887de
- SHA1
  
  47c5b65c641d6c914e64b404c6a98435efa71198
- SHA256
  
  1ccd9f18aa34d71dcfb2e4d488de0952cf165080a63e20f3cc097158667e6bbd
- SHA512
  
  0877fbe7a5141ea040d95ecc867e984b6f4ee0e4952184b9c9bcceb50fd0b1c5ef0c3176afe4bb253d16ec38ba97c415cec6e62c0f094ff74601cf457b163d91
- SSDEEP
  
  12288:TRknDaWWW3v4MlcT5I+SO/wRGVhTeUko7hRv3y+y5zZrLuGlJp:TRknDaW3gNO+T4RGVhSUn7vv3fC9rLB3
Score

1^/10
behavioral5 behavioral6
- Target
  
  GUÍA AÉREA 5526456806.exe
- Size
  
  1.1MB
- MD5
  
  9943450c5d5c2f2ede521f05c3b9632f
- SHA1
  
  b245ea0fa36d1e100047dc7b40aba0d7a1e3aebf
- SHA256
  
  8fe864adbc9a6ec504fa9629494b1dc4091472e655e455ea749a57febac23d6a
- SHA512
  
  d86650d071b855f39f67b827733b14d368a753885a4e27c9c759b1f77144657c59185b4e032bafdd4b6c1fedc0cd7ddf9adbca8501e4fe96ac2289512022099a
- SSDEEP
  
  24576:/Cdxte/80jYLT3U1jfsWaHW7DU6JYqauCtjIMQ:ew80cTsjkWaHW/hKs
Score

5^/10

discovery
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral5

behavioral6

behavioral7

behavioral8