agenttesla | d47191ab214f372b33b77e12537dcf71abb539ea65ad003f33d5d2ab784b9960 | Triage

Resubmissions

01/03/2025, 17:34

250301-v5kdysw1fx 10

01/03/2025, 04:40

250301-faxcps1nt6 10

Sharing

General

Target

d47191ab214f372b33b77e12537dcf71abb539ea65ad003f33d5d2ab784b9960.gz
Size

100KB
Sample

250301-v5kdysw1fx
MD5

ce3178b11395f01748729be305762d02
SHA1

88b1c1ca5e8cb0bc66e9642d94e21fd319da9f35
SHA256

d47191ab214f372b33b77e12537dcf71abb539ea65ad003f33d5d2ab784b9960
SHA512

09d7b13168fc3b81c742af314a33d9bff3b1527b552bc4d8e7978bfd94c0528e4eb42a57533fb9ac9ded2fb552c470a3d0cdd40c31857dfc17bc36f752a9c2ae
SSDEEP

1536:20zTHyfvyVzT4Zyh9mA5g1GUELtk2bcBBdnMih0Kabtau9ieXF/WCm2nfC0J:2UTyCVzT4Zy7mU7CHFa5paez3Fa0J

Score

10^/10

agenttesla collection discovery execution keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.urbantopo.gr
Port:
21
Username:
[email protected]
Password:
@urbantopo.gr

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.urbantopo.gr
Port:
21
Username:
[email protected]
Password:
@urbantopo.gr

Targets

- Target
  
  ORDER NEW LOBSTER LTD UK REFUK61#02282025.bat
- Size
  
  151KB
- MD5
  
  7587ced4dbac8f45b3f4e649fe40f15b
- SHA1
  
  791828a4defa168308217cb5d82b8b46fd365fc8
- SHA256
  
  a03f4a11a135ed1cb6b4f8b919fba0b381541d1f4f750e271614e46d01707d4f
- SHA512
  
  bc3fc56c7ddc02b66a5352101a9f74aba501c7e01dbd89a005b401f3aae4cf7980e2f83269925fbe0a9420b3eb031d0600eaf538240ce73ad147e780973633a9
- SSDEEP
  
  3072:ZwHf284RmbXIcBKTTlfmFWFAFWacBrzTJwxF:ZwHfeeXIUKlfmFWWFncBrzi7
Score

10^/10

discovery execution agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

agentteslacollectiondiscoveryexecutionkeyloggerspywarestealertrojan