Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462
General
Target
Size
Sample
SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462
39KB
210122-pepyjdy6ea
Score
10 /10
MD5
SHA1
SHA256
SHA512
093581879b31e72cb9f58572e92a326b
79f62189cca9d966bf5fa783f54d6ad9032fe820
7284ce088723465f101b804f22a27e235f6ae8148dd1120508e3fed43348ed54
8440c62ca7cb060deea4c96c6957fd59d29c4617acae5b9c6e284caae2610d80ed107bfab765a3c5e010e3744cf6a8b150f633319f8731f142937b05a9a75d6a
Malware Config
Targets
Target
MD5
Filesize
SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462
093581879b31e72cb9f58572e92a326b
39KB
Score
10 /10
SHA1
SHA256
SHA512
79f62189cca9d966bf5fa783f54d6ad9032fe820
7284ce088723465f101b804f22a27e235f6ae8148dd1120508e3fed43348ed54
8440c62ca7cb060deea4c96c6957fd59d29c4617acae5b9c6e284caae2610d80ed107bfab765a3c5e010e3744cf6a8b150f633319f8731f142937b05a9a75d6a
Tags
Signatures
-
AgentTesla
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks