agenttesla | c6d141da71aa3e59bdc98cce5ecd8d0ac6a302f0b3d99dd193b0cc5bffadde5c | Triage

Sharing

General

Target

Mensajes en cuarentena.zip
Size

2.9MB
Sample

250122-mvcblatkcj
MD5

309cb4f22669c879dad592dc497caf85
SHA1

b98384e59e1b704087a457d10f6c8ccfde2d2552
SHA256

c6d141da71aa3e59bdc98cce5ecd8d0ac6a302f0b3d99dd193b0cc5bffadde5c
SHA512

0fa4b4464e47650ceb2d7be312375dc6efa86a191e2207215c7af0a6252502cd105eda1bb000d3f236240a637df72632a891ee65a0ed2b599d91f492898351f0
SSDEEP

49152:RTh7aSaMSrJByZPdnI13NKx0my1nTU3ICI74CxsS8nm/Tg1sN3XfQQoP:RTpaPMSrJBoP5e3NbjThPsb+WIq

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.solucionesmexico.mx
Port:
21
Username:
[email protected]
Password:
dGG^ZYIxX5!B

Targets

- Target
  
  fc340970-75f2-4259-0146-08dd3a4dffef/03d68b26-576a-3aba-d431-f4688cef97e5.eml
- Size
  
  3.9MB
- MD5
  
  6176d0684fc2b7b7775a5d5f4e59e48c
- SHA1
  
  135a36c86c7506dbfca36c5edc43cb9e609b18a5
- SHA256
  
  eda46103cdde2bfc183b182e1ed3ceb2e353599decad5738276f75db5e6fb63e
- SHA512
  
  2e152fd3187ffbe17a79219ea69b48f9d2858baf50d859c3ed1415b9b943c9ced538110b566771da307d35f9d113f0ac10d7caba0e56d49c25b16abc22830a85
- SSDEEP
  
  49152:30wmg/AIlxH8GThdlGprSsxpuuiuQuU2cdXQ/Fo+YkFS0kr7Wwr:X
Score

5^/10

discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  AWB GUÍA AÉREA 5526456806 OBSERVACIÓN MODELO DE ITEMS.exe
- Size
  
  1.3MB
- MD5
  
  70b62fe5c9f6a8bfccb0b2a4b8d45e84
- SHA1
  
  129d8ca1944bcf608fa12a032d254e7dc08c2cc7
- SHA256
  
  3c0c387ff08da55e2f2f8062bae3732ff7787a95aa8c6371482be5b9c719ef9e
- SHA512
  
  dcd7ef997cc75035340e68706094a0c118f1beccdcc5862c21a96458726b89b6fdb3f9563734630796bdd164e5f93dc0e61ccb27df27235c376c4e54ecbe6170
- SSDEEP
  
  24576:ctb20pkaCqT5TBWgNQ7aWQXC9PnTYBN9mSSsNcG6A:FVg5tQ7aWYBBBSA35
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  GUÍA AÉREA 5526456806 OBSERVACIÓN MODELO DE ITEMS.exe
- Size
  
  1.3MB
- MD5
  
  70b62fe5c9f6a8bfccb0b2a4b8d45e84
- SHA1
  
  129d8ca1944bcf608fa12a032d254e7dc08c2cc7
- SHA256
  
  3c0c387ff08da55e2f2f8062bae3732ff7787a95aa8c6371482be5b9c719ef9e
- SHA512
  
  dcd7ef997cc75035340e68706094a0c118f1beccdcc5862c21a96458726b89b6fdb3f9563734630796bdd164e5f93dc0e61ccb27df27235c376c4e54ecbe6170
- SSDEEP
  
  24576:ctb20pkaCqT5TBWgNQ7aWQXC9PnTYBN9mSSsNcG6A:FVg5tQ7aWYBBBSA35
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  GUÍA AÉREA 5526456806.exe
- Size
  
  1.1MB
- MD5
  
  9943450c5d5c2f2ede521f05c3b9632f
- SHA1
  
  b245ea0fa36d1e100047dc7b40aba0d7a1e3aebf
- SHA256
  
  8fe864adbc9a6ec504fa9629494b1dc4091472e655e455ea749a57febac23d6a
- SHA512
  
  d86650d071b855f39f67b827733b14d368a753885a4e27c9c759b1f77144657c59185b4e032bafdd4b6c1fedc0cd7ddf9adbca8501e4fe96ac2289512022099a
- SSDEEP
  
  24576:/Cdxte/80jYLT3U1jfsWaHW7DU6JYqauCtjIMQ:ew80cTsjkWaHW/hKs
Score

5^/10

discovery
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral5

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral6

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral7

behavioral8