agenttesla | 3a737afe793d45ec2205d17180d37229c1222bd4857540b61a6e45ac8df74843 | Triage

Sharing

General

Target

3a737afe793d45ec2205d17180d37229c1222bd4857540b61a6e45ac8df74843
Size

1.5MB
Sample

250125-bsgmrazman
MD5

fd65cb7cb3910b4617dbef18df2648c4
SHA1

433bdb3869057a3c6f388a0e3ea5c0c5658b77f4
SHA256

3a737afe793d45ec2205d17180d37229c1222bd4857540b61a6e45ac8df74843
SHA512

194c73e1e6d8330b93c707f62903dd8c530c3a8fda57e11915eab5c74504b82047cb6d6ba8866de9cd93cb89a17b1c26541d6f01cf3a60d81f884633a0ad8969
SSDEEP

24576:NmwBXOoiz+G00cQWYiiLfJmc6Ns2VDdAVjaP+4a8ztxQX8F9toOSZD98+/1cq:BXGz+PQWYiiF56nVQjaLa8ztisXuRgq

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.carbognin.it
Port:
21
Username:
[email protected]
Password:
59Cif8wZUH#X

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.carbognin.it
Port:
21
Username:
[email protected]
Password:
59Cif8wZUH#X

Targets

- Target
  
  3a737afe793d45ec2205d17180d37229c1222bd4857540b61a6e45ac8df74843
- Size
  
  1.5MB
- MD5
  
  fd65cb7cb3910b4617dbef18df2648c4
- SHA1
  
  433bdb3869057a3c6f388a0e3ea5c0c5658b77f4
- SHA256
  
  3a737afe793d45ec2205d17180d37229c1222bd4857540b61a6e45ac8df74843
- SHA512
  
  194c73e1e6d8330b93c707f62903dd8c530c3a8fda57e11915eab5c74504b82047cb6d6ba8866de9cd93cb89a17b1c26541d6f01cf3a60d81f884633a0ad8969
- SSDEEP
  
  24576:NmwBXOoiz+G00cQWYiiLfJmc6Ns2VDdAVjaP+4a8ztxQX8F9toOSZD98+/1cq:BXGz+PQWYiiF56nVQjaLa8ztisXuRgq
Score

10^/10

discovery execution agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

agenttesladiscoveryexecutionkeyloggerspywarestealertrojan