agenttesla | 4956b9129aff66718f432333169c7822c093ccc7bfa0268c2642baaf4b69bc32 | Triage

Sharing

General

Target

OC 129075-JG-3229-password(Af9X1p8D).zip
Size

762KB
Sample

250328-za9gta1va1
MD5

8f5ee138058834ca5a3f95748787d6d7
SHA1

e4c46e8c25fd8d11a1c99826e7979666b83fd82f
SHA256

4956b9129aff66718f432333169c7822c093ccc7bfa0268c2642baaf4b69bc32
SHA512

d7b2001b509e44dc8cc16b35e29432cceb9e80f0a6b88eef7c6d617b75ad23b7c564ffe362aebf9d48ae4aabfb15bd798c098257d2c1e538eb13d018deeb3883
SSDEEP

12288:K9AuyoisWv3czDdTCu6tPCJTszHuwxdyzsxyz0gjvAkDPKsLxpL8VWQKaQrrkqTa:/sWv30dJ6tPKTsDPxMYxyzljvAkDPKsc

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  OC 129075-JG-3229-password(Af9X1p8D).zip
- Size
  
  762KB
- MD5
  
  8f5ee138058834ca5a3f95748787d6d7
- SHA1
  
  e4c46e8c25fd8d11a1c99826e7979666b83fd82f
- SHA256
  
  4956b9129aff66718f432333169c7822c093ccc7bfa0268c2642baaf4b69bc32
- SHA512
  
  d7b2001b509e44dc8cc16b35e29432cceb9e80f0a6b88eef7c6d617b75ad23b7c564ffe362aebf9d48ae4aabfb15bd798c098257d2c1e538eb13d018deeb3883
- SSDEEP
  
  12288:K9AuyoisWv3czDdTCu6tPCJTszHuwxdyzsxyz0gjvAkDPKsLxpL8VWQKaQrrkqTa:/sWv30dJ6tPKTsDPxMYxyzljvAkDPKsc
Score

1^/10
behavioral1 behavioral2
- Target
  
  fd9916fc84093309bed7643c13a15d64e03b2b5a0afdf384ba68cf7fe3e35cd9.eml
- Size
  
  762KB
- MD5
  
  0967196daa815e116068f696ca939c9c
- SHA1
  
  85a8f0755345d641684a2e0952a9d10ecc478d67
- SHA256
  
  54b542efa4d9f32f89401cc40283785b7ea729bfcd67c44af15039441e3c097f
- SHA512
  
  9618fb564285cd8a3108f3f0060a20f4f53d24a675d2bee99b865af4f8c00fa8df144e6842cd246a8ecca2918b6474d921c7147458fb68d40d6bd1f7c8ef2add
- SSDEEP
  
  12288:8KCrbxscrFazRZAuq33Oi4B7+vaziIdAR2u5qcaM/aFGNwnIgRJkm0+vej:8h9rEvTi4B7+CzilYup7c2wpDUUej
Score

5^/10

discovery
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  OC 129075-JG-3229.001
- Size
  
  550KB
- MD5
  
  92ca133e27d245b891b865b36a8eaacc
- SHA1
  
  b945e869e422f972cf23370fec8c9f141a174c7a
- SHA256
  
  36fe9874c1c7e5c083ca7780dfe57018f5057ca1989472132a2d877409cb1f78
- SHA512
  
  494e7a820fc034a61f15fa7f77035f95a56b9b33fcb17af97b9b2bbddffad181a9492fcaf318284b8912d1f1f1c07be31611ee60864076eebcfadea3696944be
- SSDEEP
  
  12288:llOdZ9ZUIZ7vBN/2aS5LuYBlcCUf03KQMIKml77EG:l4dpBOhP0fJ7ml77
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  OC 129075-JG-3229.exe
- Size
  
  1.0MB
- MD5
  
  ca05eaa8df0531cb2f76d5a2baa5aaea
- SHA1
  
  688adb6f0a0ab7f13d47d0c16326221e20fa7b10
- SHA256
  
  66d7d602350b27bd25ca73436b6b7598c65e5022cc8062eb5c87dc604ab97952
- SHA512
  
  3e59f0eefd60ac5783ab291e89484532f5bf6ab105f83a4f34099815b26375097cf984050f9b00e2c90631cb07b600aa18cba3b93f24b1f4e2d6447a1e7cfdf0
- SSDEEP
  
  24576:3u6J33O0c+JY5UZ+XC0kGso6Fai9OXAa38dIApWY:Ru0c++OCvkGs9FaizxIJY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral6

behavioral7

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral8

agenttesladiscoverykeyloggerspywarestealertrojan