agenttesla

General

Target

eacf712d6ee65e4002090b5fd2629e97da8bf0b90de3cafb3a7a590cf84895a8
Size

863KB
Sample

250126-bjfdbswpcy
MD5

0bb260c0fa360e59553b86a7d94bd09a
SHA1

ddfdb07448646aefaeeb749b517740d5d06484c2
SHA256

eacf712d6ee65e4002090b5fd2629e97da8bf0b90de3cafb3a7a590cf84895a8
SHA512

604e774697a17f16b2c15a06a8c752080554c4f11812d5eb56ae3d3e19887592c4c442f706201f4ca951e8a0640007386ab70a47c0e959b4f6b3721ca823dc56
SSDEEP

24576:0q5TfcdHj4fmb1MczV8fogZWI21u1ohRZM3HAw:0UTsam/b+Wc+nM3

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  eacf712d6ee65e4002090b5fd2629e97da8bf0b90de3cafb3a7a590cf84895a8
- Size
  
  863KB
- MD5
  
  0bb260c0fa360e59553b86a7d94bd09a
- SHA1
  
  ddfdb07448646aefaeeb749b517740d5d06484c2
- SHA256
  
  eacf712d6ee65e4002090b5fd2629e97da8bf0b90de3cafb3a7a590cf84895a8
- SHA512
  
  604e774697a17f16b2c15a06a8c752080554c4f11812d5eb56ae3d3e19887592c4c442f706201f4ca951e8a0640007386ab70a47c0e959b4f6b3721ca823dc56
- SSDEEP
  
  24576:0q5TfcdHj4fmb1MczV8fogZWI21u1ohRZM3HAw:0UTsam/b+Wc+nM3
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Agenttesla family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2