Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
General
Target
Size
Sample
Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
293KB
210408-c9amawspy6
Score
10 /10
MD5
SHA1
SHA256
SHA512
ad7baaa29ab40c8d956f6fcf2b2fa876
aed8041c786df0fb9d087b55785cf7046114d275
b87b28a8f83442cb616dd3da7e520617a8b57280ca0098fb3721d6142978cc5f
99c62d7f77e139d74e5c951686a2347bc4668c1568038f71ada7d8b048eac5312c96541cb08d983112f3ad41ec373bb100f4ee2880ccda355f26c96da92ad97a
Malware Config
Extracted
| Family | agenttesla |
| Credentials |
Protocol: smtp Host: mail.privateemail.com Port: 587 Username: penny@mbalikova.com Password: Gc7BuDF8@F |
Targets
Target
MD5
Filesize
Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
ad7baaa29ab40c8d956f6fcf2b2fa876
293KB
Score
10 /10
SHA1
SHA256
SHA512
aed8041c786df0fb9d087b55785cf7046114d275
b87b28a8f83442cb616dd3da7e520617a8b57280ca0098fb3721d6142978cc5f
99c62d7f77e139d74e5c951686a2347bc4668c1568038f71ada7d8b048eac5312c96541cb08d983112f3ad41ec373bb100f4ee2880ccda355f26c96da92ad97a
Tags
Signatures
-
AgentTesla
-
AgentTesla Payload
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks