agenttesla | 86a32cb0fb642641f2b04987043472edaa31b283c437a64c9e0fb7a549ac10a5 | Triage

Sharing

General

Target

OC4800217265.exe
Size

842KB
Sample

250423-xwtx5sxthx
MD5

548903a363e2f9be2bd95f62ee173751
SHA1

8d6ef8b729c2920384d2b5573fac868cbae52028
SHA256

86a32cb0fb642641f2b04987043472edaa31b283c437a64c9e0fb7a549ac10a5
SHA512

734e8806b8e68a4ebff9e50090b4f80312bff14220422a76c5d508f162934f6873879f2af3d9cdcc1c1188335c7d62fdda2ab03c2e5dee90450091138520ed00
SSDEEP

24576:69qP0SjC8MEWsEOLXtiA7XQtaaGbOHxnX:GSjC83DEAdi6gMaGbOHxX

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  OC4800217265.exe
- Size
  
  842KB
- MD5
  
  548903a363e2f9be2bd95f62ee173751
- SHA1
  
  8d6ef8b729c2920384d2b5573fac868cbae52028
- SHA256
  
  86a32cb0fb642641f2b04987043472edaa31b283c437a64c9e0fb7a549ac10a5
- SHA512
  
  734e8806b8e68a4ebff9e50090b4f80312bff14220422a76c5d508f162934f6873879f2af3d9cdcc1c1188335c7d62fdda2ab03c2e5dee90450091138520ed00
- SSDEEP
  
  24576:69qP0SjC8MEWsEOLXtiA7XQtaaGbOHxnX:GSjC83DEAdi6gMaGbOHxX
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan