agenttesla

General

Target

2308555df32d269e7cb940396da079915df60a0013aff656cfd3754534edd09c
Size

853KB
Sample

250123-bphewawlgl
MD5

3dc984c15b6d220eaf30c0a9651ab54a
SHA1

e88616aa0fa63f2c588aaaf051d8a426e9cb1992
SHA256

2308555df32d269e7cb940396da079915df60a0013aff656cfd3754534edd09c
SHA512

837dc0fa94517687167a15e3b5676187cc57a81069bcfd8beb334cdbb469e167aec2b90d88f557689465a1a9ed3829cd957b3053ca6b7ab843747063b133a5ef
SSDEEP

12288:46Wq4aaE6KwyF5L0Y2D1PqLE6CQCTW3M6NHIkcN7LyvRxusuA3aJcmOEwGeG0VqH:OthEVaPqLE6CzlDX7GpxunG6ZODGx0V4

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  2308555df32d269e7cb940396da079915df60a0013aff656cfd3754534edd09c
- Size
  
  853KB
- MD5
  
  3dc984c15b6d220eaf30c0a9651ab54a
- SHA1
  
  e88616aa0fa63f2c588aaaf051d8a426e9cb1992
- SHA256
  
  2308555df32d269e7cb940396da079915df60a0013aff656cfd3754534edd09c
- SHA512
  
  837dc0fa94517687167a15e3b5676187cc57a81069bcfd8beb334cdbb469e167aec2b90d88f557689465a1a9ed3829cd957b3053ca6b7ab843747063b133a5ef
- SSDEEP
  
  12288:46Wq4aaE6KwyF5L0Y2D1PqLE6CQCTW3M6NHIkcN7LyvRxusuA3aJcmOEwGeG0VqH:OthEVaPqLE6CzlDX7GpxunG6ZODGx0V4
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2