agenttesla | 0ff61493bb8f1bf345423477f40c96eafa064da22c74283f6532455b9a36fe3a | Triage

Sharing

General

Target

0ff61493bb8f1bf345423477f40c96eafa064da22c74283f6532455b9a36fe3a
Size

886KB
Sample

250124-r2vhzavmcp
MD5

3e852bf6017eed6e18bb0bce696ee797
SHA1

92f939b19ae05ddf6450984989471d91a46cc0bf
SHA256

0ff61493bb8f1bf345423477f40c96eafa064da22c74283f6532455b9a36fe3a
SHA512

f5be0b1d5f186b44f6124b5a91a7b28efee5174b38b87f4afbd88feb45ee189cf68ee4d3407c2445a4df3953a589a470a7107c72a124abf31073e3dd1439c22f
SSDEEP

24576:d7kOqWKoqnUleLqaGylxs74YnVV7h2Lyafv:dICK/nNLqAU4XLtv

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.ercolina-usa.com
Port:
21
Username:
[email protected]
Password:
nXe0M~WkW&nJ

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.ercolina-usa.com
Port:
21
Username:
[email protected]
Password:
nXe0M~WkW&nJ

Targets

- Target
  
  QUOTATION#00430.exe
- Size
  
  1.3MB
- MD5
  
  e7ab46308b583d9fa2239a3ed04e9542
- SHA1
  
  1afb9be479dbf4b559fd77485253bfff69200444
- SHA256
  
  24c0156c6d0f429c724c7b3d8dfbd803761d36e9461b4123765e136ec148b807
- SHA512
  
  aacdcfbca9dc9cb4eb63e68739423b144ed5543d10680dbbcd3013f44012fe28917bb1c9916ef61979efe0a63d921c664553856671847cbaf6c5b7766c3bbc05
- SSDEEP
  
  24576:KRmJkcoQricOIQxiZY1ia23X3tfWK49iLNICvGt2ys+Faze6su:PJZoQrbTFZY1ia2H3tfRvNzvhUFa6m
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerpersistencespywarestealertrojan