agenttesla | cf9be3ab22cad2af795295a926822faa4791f2268077284e4677a9fdea94bc32

Analysis

Target

FACTURA Y ALBARANES.exe
Size

279KB
MD5

30359e02370b8d3e1310942564e589ec
SHA1

7f24ff5a96647fb6a2c8b319acfd8bf5a897ad1e
SHA256

cf9be3ab22cad2af795295a926822faa4791f2268077284e4677a9fdea94bc32
SHA512

b13611ebb43ed9636ebd07cb98cab5a7c733058dc01e575acd432e87e61ff105ad64f47bfeb9ccbec86670fb709b959ab86d1eef42e87f3523db0ceeaf03644f

Score

10^/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

FACTURA Y ALBARANES.exe

pid process

1500 FACTURA Y ALBARANES.exe
1500 FACTURA Y ALBARANES.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

FACTURA Y ALBARANES.exe

description pid process

Token: SeDebugPrivilege 1500 FACTURA Y ALBARANES.exe

pid	process
1500	FACTURA Y ALBARANES.exe
1500	FACTURA Y ALBARANES.exe

description	pid	process
Token: SeDebugPrivilege	1500	FACTURA Y ALBARANES.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact