agenttesla

General

Target

75ab568fe148e4d229533c5a6cd6b572.exe
Size

446KB
Sample

210422-zkfdhzafss
MD5

75ab568fe148e4d229533c5a6cd6b572
SHA1

27f2df18153729839b1ae3b0e579c1df0db59df0
SHA256

fb91f67073fef8d391ccb08c31183ff2ff00e8a8ca0f71fb5bfce17fb0ddbd26
SHA512

3ea21ae941fe9ba09e8f951c406e90b43bd64e50106a57893cd832ccc6954a77935982129079bbe402e616876597d0f71ab384cbccab2d323002bb8ada73ed51

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
janryone.xyz
Port:
587
Username:
[email protected]
Password:
xv*ZM6fqfw&7

Targets

- Target
  
  75ab568fe148e4d229533c5a6cd6b572.exe
- Size
  
  446KB
- MD5
  
  75ab568fe148e4d229533c5a6cd6b572
- SHA1
  
  27f2df18153729839b1ae3b0e579c1df0db59df0
- SHA256
  
  fb91f67073fef8d391ccb08c31183ff2ff00e8a8ca0f71fb5bfce17fb0ddbd26
- SHA512
  
  3ea21ae941fe9ba09e8f951c406e90b43bd64e50106a57893cd832ccc6954a77935982129079bbe402e616876597d0f71ab384cbccab2d323002bb8ada73ed51
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AgentTesla Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2