Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
Quotation.exe
General
Target
Size
Sample
Quotation.exe
755KB
210408-6ljjqpw75e
Score
10 /10
MD5
SHA1
SHA256
SHA512
1e72fdc63d96b7f7681cb76d2eb34d36
66e0afcc111a42a15817ccb6fce14f885b354c95
1fa8f6d52e8299dc1a67d9b3ba8af0d876e12cae58f72276ebecd1711c9a97e7
00e1667bb4cd7d4228f4788779ee37677bdcf311dd4b802a63e08a2626a66b297d8ae8d20c1cf8c8f4f973feb516b24dc00cd1873a4c8ce693b18fa3671f77e5
Malware Config
Extracted
| Family | agenttesla |
| Credentials |
Protocol: smtp Host: smtp.vivaldi.net Port: 587 Username: Ricardo2021@vivaldi.net Password: Qwerty2020Hp## |
Targets
Target
MD5
Filesize
Quotation.exe
1e72fdc63d96b7f7681cb76d2eb34d36
755KB
Score
10 /10
SHA1
SHA256
SHA512
66e0afcc111a42a15817ccb6fce14f885b354c95
1fa8f6d52e8299dc1a67d9b3ba8af0d876e12cae58f72276ebecd1711c9a97e7
00e1667bb4cd7d4228f4788779ee37677bdcf311dd4b802a63e08a2626a66b297d8ae8d20c1cf8c8f4f973feb516b24dc00cd1873a4c8ce693b18fa3671f77e5
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks