agenttesla | 918b67ff393d8e2ad500d935063351a71519823e8819d43cb1673ac52564d6be | Triage

Resubmissions

28/03/2025, 20:04

250328-ytek4ssmw3 10

Sharing

General

Target

OC 129075-JG-3229-password(RqGrWIuP).zip
Size

762KB
Sample

250328-ytek4ssmw3
MD5

3fbc5cee6eb379ea51181b36e2743cad
SHA1

3bd62201214c0d0117ef17a4926674d84ac85a20
SHA256

918b67ff393d8e2ad500d935063351a71519823e8819d43cb1673ac52564d6be
SHA512

5cedfa16fea09533e777a9a35c484f1215e458555d5a28231b73381e59da1aa3801e3b66823fa7200b2708b6d71dd114c96b1a76221edf52a5121f8454261635
SSDEEP

12288:6+H9hcaXlX/4bxJlq4J95OGk6U1VfZi/QCI5B+45tiDeZIqoMkkaJpMHCbjzZtjg:1jca1v4bxJE4FOJ6UfqUB+45waSqoma4

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  OC 129075-JG-3229-password(RqGrWIuP).zip
- Size
  
  762KB
- MD5
  
  3fbc5cee6eb379ea51181b36e2743cad
- SHA1
  
  3bd62201214c0d0117ef17a4926674d84ac85a20
- SHA256
  
  918b67ff393d8e2ad500d935063351a71519823e8819d43cb1673ac52564d6be
- SHA512
  
  5cedfa16fea09533e777a9a35c484f1215e458555d5a28231b73381e59da1aa3801e3b66823fa7200b2708b6d71dd114c96b1a76221edf52a5121f8454261635
- SSDEEP
  
  12288:6+H9hcaXlX/4bxJlq4J95OGk6U1VfZi/QCI5B+45tiDeZIqoMkkaJpMHCbjzZtjg:1jca1v4bxJE4FOJ6UfqUB+45waSqoma4
Score

1^/10
behavioral1
- Target
  
  c5c342a67e23ea4068d59c306a508fef4017f0d3523e48bae5eec7e8ab3fcd5d.eml
- Size
  
  762KB
- MD5
  
  a30af76590f6f283674fd92ca670d76e
- SHA1
  
  5bf85453cefc9f6606ff7ab7f3fa917983f8dcfd
- SHA256
  
  d2386c65b13b179516630d9ef8a97dda3f5fce37e6de678d2cf88feb6d7ef7ec
- SHA512
  
  7908fd50a5980ee44f61bee681ea64b3bbc016d9166c4cbc2fbb0c7bc45ee8458439884184dfc79e99d544fe133379750fdd25a5cbe703a13837093a0a3e4f07
- SSDEEP
  
  12288:z8KCrbxscrFazRZAuq33Oi4B7+vaziIdAR2u5qcaM/aFGNwnIgRJkm0+veR:Yh9rEvTi4B7+CzilYup7c2wpDUUeR
Score

5^/10

discovery
- Drops file in System32 directory
behavioral2
- Target
  
  OC 129075-JG-3229.001
- Size
  
  550KB
- MD5
  
  92ca133e27d245b891b865b36a8eaacc
- SHA1
  
  b945e869e422f972cf23370fec8c9f141a174c7a
- SHA256
  
  36fe9874c1c7e5c083ca7780dfe57018f5057ca1989472132a2d877409cb1f78
- SHA512
  
  494e7a820fc034a61f15fa7f77035f95a56b9b33fcb17af97b9b2bbddffad181a9492fcaf318284b8912d1f1f1c07be31611ee60864076eebcfadea3696944be
- SSDEEP
  
  12288:llOdZ9ZUIZ7vBN/2aS5LuYBlcCUf03KQMIKml77EG:l4dpBOhP0fJ7ml77
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  OC 129075-JG-3229.exe
- Size
  
  1.0MB
- MD5
  
  ca05eaa8df0531cb2f76d5a2baa5aaea
- SHA1
  
  688adb6f0a0ab7f13d47d0c16326221e20fa7b10
- SHA256
  
  66d7d602350b27bd25ca73436b6b7598c65e5022cc8062eb5c87dc604ab97952
- SHA512
  
  3e59f0eefd60ac5783ab291e89484532f5bf6ab105f83a4f34099815b26375097cf984050f9b00e2c90631cb07b600aa18cba3b93f24b1f4e2d6447a1e7cfdf0
- SSDEEP
  
  24576:3u6J33O0c+JY5UZ+XC0kGso6Fai9OXAa38dIApWY:Ru0c++OCvkGs9FaizxIJY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4

agenttesladiscoverykeyloggerspywarestealertrojan