agenttesla | b4aa66e32f31335b5109c3f58ce0e8fc01fbfd45d3f4538f64895f9b9276ccf9 | Triage

Sharing

General

Target

b4aa66e32f31335b5109c3f58ce0e8fc01fbfd45d3f4538f64895f9b9276ccf9
Size

603KB
Sample

250123-blr5xawkfn
MD5

425fbcbc2df71bdcfae3924dcd9415ce
SHA1

521ff35e64c95cba093263e14c5b481778e191eb
SHA256

b4aa66e32f31335b5109c3f58ce0e8fc01fbfd45d3f4538f64895f9b9276ccf9
SHA512

9a98c58e7bfe20bef3266f2c0c7884c8e4c8296d953ee541b00e7fa106cab2105d34dfd09ce1f14bf12a83f53b248b9c477b954284ac8e9b4884d1776303ca38
SSDEEP

12288:614NcEW0aCn0Fk7TyZcsLCHTzXeLYeQt8aEhila7j75CW0sRXotm5GJMmc2T88:ksxqw0FGyisuHXXefQAhilaj5ZRS4GJB

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.concaribe.com
Port:
21
Username:
[email protected]
Password:
ro}UWgz#!38E

Targets

- Target
  
  Dhl Shipment documents 000004040505060900006000.exe
- Size
  
  669KB
- MD5
  
  ba87031aefecd9e4e2d2046e3448ebae
- SHA1
  
  bf644d5d7620600abc0c4e789d29673a08d14855
- SHA256
  
  3b341295bc008e0dc9ae5033dd3f1cc4f3f06de336111045a0be9294cea5beb7
- SHA512
  
  2fd068e38f9bafcd2487b3c96d55368830f20c83e6398af090b6f3bb361fd2de074f631cf6d93acd0ac245814bd10504d41b6c651225bda84700586dba315d3d
- SSDEEP
  
  12288:xto55giYSTp3y0NGLgtIzKxtqak136iBxXmAsJb12vROPdmOz5HIhCM3hmm:k56iYSTpCeqgyzKSsBfF1MOzZIh1Am
Score

10^/10

discovery execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan