Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
SecuriteInfo.com.BehavesLike.Win32.Generic.qm.14744
General
Target
Size
Sample
SecuriteInfo.com.BehavesLike.Win32.Generic.qm.14744
57KB
210121-xbq61v132n
Score
10 /10
MD5
SHA1
SHA256
SHA512
b95249a3ceacb06a049d3f211479fc7e
5de29c60c381140276e5e96b473018a73bdd53eb
bd600300188d8cb735f9e4afcc580398a2842126c9a5e884259fd2d46ac103af
3591c84202c405366e4fb38befabfe14fa3324745e32d1cc254c803e4e9a4bb7871afba6ee4649a2f33f97186640acbab2e75da4be9440d52711e416eac9bf47
Malware Config
Targets
Target
MD5
Filesize
SecuriteInfo.com.BehavesLike.Win32.Generic.qm.14744
b95249a3ceacb06a049d3f211479fc7e
57KB
Score
10 /10
SHA1
SHA256
SHA512
5de29c60c381140276e5e96b473018a73bdd53eb
bd600300188d8cb735f9e4afcc580398a2842126c9a5e884259fd2d46ac103af
3591c84202c405366e4fb38befabfe14fa3324745e32d1cc254c803e4e9a4bb7871afba6ee4649a2f33f97186640acbab2e75da4be9440d52711e416eac9bf47
Tags
Signatures
-
AgentTesla
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks