Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
OCXQZK3KWmWNdRx.exe
General
Target
Size
Sample
OCXQZK3KWmWNdRx.exe
803KB
210122-ss997jyv4n
Score
10 /10
MD5
SHA1
SHA256
SHA512
c6286c765c37478223b99c6ab0dc96f5
eb043c7435526162e7e3a85005421fba3c1f3618
8392af9cff73aab10a60befd359d4ca2638d6a936071285579147303bb453497
04bfd49be5af17080f7fed1b28e665aa8a76e637589a3a0e4d846c79c79bfb56d78508898d2181b928e7483d7b4489f19831c58dea29ef0997d48b772da384e4
Malware Config
Extracted
| Family | agenttesla |
| Credentials |
Protocol: smtp Host: mail.flood-protection.org Port: 587 Username: uchedon@flood-protection.org Password: uchedon2424@ |
Targets
Target
MD5
Filesize
OCXQZK3KWmWNdRx.exe
c6286c765c37478223b99c6ab0dc96f5
803KB
Score
10 /10
SHA1
SHA256
SHA512
eb043c7435526162e7e3a85005421fba3c1f3618
8392af9cff73aab10a60befd359d4ca2638d6a936071285579147303bb453497
04bfd49be5af17080f7fed1b28e665aa8a76e637589a3a0e4d846c79c79bfb56d78508898d2181b928e7483d7b4489f19831c58dea29ef0997d48b772da384e4
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks